{"id":615,"name":"minimatch","ecosystem":"npm","repository_url":"https://github.com/isaacs/minimatch","issues_count":30507,"created_at":"2025-06-06T15:01:35.946Z","updated_at":"2025-06-06T15:01:35.946Z","purl":"pkg:npm/minimatch","metadata":{"id":2016777,"name":"minimatch","ecosystem":"npm","description":"a glob matcher in javascript","homepage":"https://github.com/isaacs/minimatch#readme","licenses":"ISC","normalized_licenses":["ISC"],"repository_url":"https://github.com/isaacs/minimatch","keywords_array":[],"namespace":null,"versions_count":110,"first_release_published_at":"2011-07-16T08:52:46.751Z","latest_release_published_at":"2024-07-08T23:02:25.545Z","latest_release_number":"10.0.1","last_synced_at":"2025-06-06T00:11:15.238Z","created_at":"2022-04-09T19:39:33.819Z","updated_at":"2025-06-06T00:29:29.216Z","registry_url":"https://www.npmjs.com/package/minimatch","install_command":"npm install minimatch","documentation_url":null,"metadata":{"funding":{"url":"https://github.com/sponsors/isaacs"},"dist-tags":{"v3-legacy":"3.1.2","v3.0-legacy":"3.0.8","legacy-v5":"5.1.6","legacy-v4":"4.2.3","legacy-v7":"7.4.6","latest":"10.0.1"}},"repo_metadata":{"id":488892,"uuid":"2056549","full_name":"isaacs/minimatch","owner":"isaacs","description":"a glob matcher in javascript","archived":false,"fork":false,"pushed_at":"2024-07-08T23:02:12.000Z","size":931,"stargazers_count":3377,"open_issues_count":14,"forks_count":261,"subscribers_count":57,"default_branch":"main","last_synced_at":"2025-05-30T15:58:38.596Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/isaacs.png","metadata":{"files":{"readme":"README.md","changelog":"changelog.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["isaacs"]}},"created_at":"2011-07-16T02:45:46.000Z","updated_at":"2025-05-30T13:24:02.000Z","dependencies_parsed_at":"2023-07-06T08:01:48.782Z","dependency_job_id":"52205146-f6d9-4486-acc4-eceef4a24df5","html_url":"https://github.com/isaacs/minimatch","commit_stats":{"total_commits":326,"total_committers":31,"mean_commits":"10.516129032258064","dds":"0.11042944785276076","last_synced_commit":"0569cd3373408f9d701d3aab187b3f43a24a0db7"},"previous_names":[],"tags_count":114,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/isaacs","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":257655619,"owners_count":22580864,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"isaacs","name":"isaacs","uuid":"9287","kind":"user","description":"npm inventor, founder npm, Inc.\r\nFormer Node BDFL.\r\nAll opinions are my own. Literally all of them. I own them all.","email":"","website":"http://blog.izs.me","location":"Oakland CA","twitter":"izs","company":"vlt.sh","icon_url":"https://avatars.githubusercontent.com/u/9287?u=55c7d6ddb9f37d0ad9785c313b50d737d58bf79b\u0026v=4","repositories_count":468,"last_synced_at":"2025-06-05T03:58:54.683Z","metadata":{"has_sponsors_listing":true,"funding":{"github":["isaacs"]}},"html_url":"https://github.com/isaacs","funding_links":["https://github.com/sponsors/isaacs"],"total_stars":38306,"followers":15529,"following":5,"created_at":"2022-11-02T16:19:00.493Z","updated_at":"2025-06-05T03:58:54.683Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/isaacs","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/isaacs/repositories"},"tags":[{"name":"v10.0.1","sha":"0569cd3373408f9d701d3aab187b3f43a24a0db7","kind":"tag","published_at":"2024-07-08T23:02:09.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v10.0.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v10.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v10.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v10.0.1/manifests"},{"name":"v10.0.0","sha":"346685ced5203464bb10fd3d4dfa6964f6102ede","kind":"tag","published_at":"2024-07-08T21:51:23.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v10.0.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v10.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v10.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v10.0.0/manifests"},{"name":"v9.0.5","sha":"0de7f45232cad5e3e49e4eb7cd9b6e124ed04b84","kind":"tag","published_at":"2024-06-25T22:40:46.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v9.0.5","html_url":"https://github.com/isaacs/minimatch/releases/tag/v9.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v9.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v9.0.5/manifests"},{"name":"v9.0.4","sha":"cb4be48a55d64b3a40a745d4a8eb4d1b06507277","kind":"tag","published_at":"2024-03-28T19:42:38.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v9.0.4","html_url":"https://github.com/isaacs/minimatch/releases/tag/v9.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v9.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v9.0.4/manifests"},{"name":"v9.0.3","sha":"f8b46a317a7695c342402cde52c8b0f7a47add17","kind":"tag","published_at":"2023-07-06T17:05:31.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v9.0.3","html_url":"https://github.com/isaacs/minimatch/releases/tag/v9.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v9.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v9.0.3/manifests"},{"name":"v9.0.2","sha":"b7bd6d6db0b2521c12f654895971cf81790a5257","kind":"tag","published_at":"2023-06-23T21:12:08.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v9.0.2","html_url":"https://github.com/isaacs/minimatch/releases/tag/v9.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v9.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v9.0.2/manifests"},{"name":"v9.0.1","sha":"f1b11e7906818f0ae455a82fe7c1bfcf655c786d","kind":"tag","published_at":"2023-05-20T20:53:44.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v9.0.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v9.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v9.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v9.0.1/manifests"},{"name":"v9.0.0","sha":"b95cb1e4404ce374e447b3b1bfde837e74f139bd","kind":"tag","published_at":"2023-04-09T22:14:52.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v9.0.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v9.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v9.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v9.0.0/manifests"},{"name":"v7.4.6","sha":"7fb6a36a2d33ffa8266148cc5b5b4ac9a62ee7cd","kind":"tag","published_at":"2023-04-09T20:18:29.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.4.6","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.4.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.4.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.4.6/manifests"},{"name":"v8.0.4","sha":"3093d33a615e2fcf7900fa1ca6916d5151a96072","kind":"tag","published_at":"2023-04-09T20:17:29.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v8.0.4","html_url":"https://github.com/isaacs/minimatch/releases/tag/v8.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v8.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v8.0.4/manifests"},{"name":"v8.0.3","sha":"1c0a3cd1e64504e39e3e3ed67f162b4d8a5b3555","kind":"tag","published_at":"2023-04-03T16:50:49.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v8.0.3","html_url":"https://github.com/isaacs/minimatch/releases/tag/v8.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v8.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v8.0.3/manifests"},{"name":"v7.4.5","sha":"d6c09b749eaba19bca643522d95fc316b3aa65c2","kind":"tag","published_at":"2023-04-03T16:49:43.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.4.5","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.4.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.4.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.4.5/manifests"},{"name":"v8.0.2","sha":"cb1b69080ca4f972ce913e2a7ea6720a14b96e39","kind":"tag","published_at":"2023-04-02T03:40:53.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v8.0.2","html_url":"https://github.com/isaacs/minimatch/releases/tag/v8.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v8.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v8.0.2/manifests"},{"name":"v8.0.1","sha":"bdddb1d5ae8401c46d1ed8310dc42e8891f1d3d6","kind":"tag","published_at":"2023-04-02T03:38:52.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v8.0.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v8.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v8.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v8.0.1/manifests"},{"name":"v8.0.0","sha":"5d20578d5749f53f3413b7ca413e5658d6ab0d05","kind":"tag","published_at":"2023-04-02T03:33:33.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v8.0.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v8.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v8.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v8.0.0/manifests"},{"name":"v7.4.4","sha":"32bad341e9a3d876fc103a680e5f30cbe80318f4","kind":"tag","published_at":"2023-04-01T23:43:46.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.4.4","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.4.4/manifests"},{"name":"v7.4.3","sha":"5139e19188b9fea0cbd9064a17b40551d6ddc23d","kind":"tag","published_at":"2023-03-22T18:52:05.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.4.3","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.4.3/manifests"},{"name":"v7.4.2","sha":"d545ad6dd83f9001f5c52756dd43708cfd2837a4","kind":"tag","published_at":"2023-03-01T20:13:25.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.4.2","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.4.2/manifests"},{"name":"v7.4.1","sha":"7a45545fffd5955b972aee97b9c33c2cfdf18889","kind":"tag","published_at":"2023-03-01T07:59:38.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.4.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.4.1/manifests"},{"name":"v7.4.0","sha":"f19f6ab371448d0e819129d40b66745a7b6ba7c8","kind":"tag","published_at":"2023-03-01T06:59:06.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.4.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.4.0/manifests"},{"name":"v7.3.0","sha":"75a8b846391512fcfae9822da12054e1bc2496f4","kind":"tag","published_at":"2023-02-27T19:57:56.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.3.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.3.0/manifests"},{"name":"v7.2.0","sha":"be2394fd50c4c44bb82b2123bf362c2787ed7cf2","kind":"tag","published_at":"2023-02-26T09:13:28.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.2.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.2.0/manifests"},{"name":"v7.1.4","sha":"f050a221047e2c73f18dacc3c5069a1966ed436f","kind":"tag","published_at":"2023-02-26T01:02:51.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.1.4","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.1.4/manifests"},{"name":"v7.1.3","sha":"77e1438de2a585ffd84389c268d79cf8876c1c37","kind":"tag","published_at":"2023-02-25T02:07:29.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.1.3","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.1.3/manifests"},{"name":"v7.1.2","sha":"36c50b76a16f79b6862ecaf2e73b0eaa0ed30701","kind":"tag","published_at":"2023-02-24T22:56:42.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.1.2","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.1.2/manifests"},{"name":"v7.1.1","sha":"5f3438d346f0c4506a5be77d561626a754ce2ef9","kind":"tag","published_at":"2023-02-24T00:36:08.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.1.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.1.1/manifests"},{"name":"v7.1.0","sha":"40ddf3bc75487c4622ec6b42d15b6d38a9ea8613","kind":"tag","published_at":"2023-02-22T23:45:14.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.1.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.1.0/manifests"},{"name":"v7.0.1","sha":"9130c1880391b9416630b050f31f4c0d114e228a","kind":"tag","published_at":"2023-02-22T02:01:37.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.0.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.0.1/manifests"},{"name":"v7.0.0","sha":"ce9e6a4b42eb8a4c39eff1258affa9d37c66101b","kind":"tag","published_at":"2023-02-20T00:45:37.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v7.0.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v7.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v7.0.0/manifests"},{"name":"v6.2.0","sha":"01ec3c0a48e25263a759f870fdb825c97445bbfb","kind":"tag","published_at":"2023-02-13T08:57:59.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.2.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.2.0/manifests"},{"name":"v6.1.10","sha":"6b9f9b0d4db3e214835279deeb355a989887b440","kind":"tag","published_at":"2023-02-13T08:20:19.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.1.10","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.1.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.10/manifests"},{"name":"v6.1.9","sha":"a26fe302d59afdc0af340617383352f780b8fa33","kind":"tag","published_at":"2023-02-13T06:53:48.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.1.9","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.1.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.9/manifests"},{"name":"v6.1.8","sha":"ee4861b752dc5f7f4a7e5c21b90c3f66354838c6","kind":"tag","published_at":"2023-02-11T21:09:48.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.1.8","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.1.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.8/manifests"},{"name":"v6.1.7","sha":"61df471534e225f70ac14781190c9ce3eb9114b1","kind":"tag","published_at":"2023-02-11T20:33:15.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.1.7","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.1.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.7/manifests"},{"name":"v6.1.6","sha":"aec47a5a869e3eafe55826ea0322ff5fd5338f99","kind":"tag","published_at":"2023-01-22T17:51:50.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.1.6","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.6/manifests"},{"name":"v6.1.5","sha":"04ab899ab7c13051c2a86ff15ce6543c5e723290","kind":"tag","published_at":"2023-01-17T22:17:13.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.1.5","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.5/manifests"},{"name":"v4.2.3","sha":"b1f802285460e88460bf8e71c0707298a56c48ac","kind":"tag","published_at":"2023-01-17T19:46:55.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v4.2.3","html_url":"https://github.com/isaacs/minimatch/releases/tag/v4.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v4.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v4.2.3/manifests"},{"name":"v5.1.6","sha":"3e216b9cf09528b8cbb90c5ecc01d054326d8f85","kind":"tag","published_at":"2023-01-17T19:46:15.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v5.1.6","html_url":"https://github.com/isaacs/minimatch/releases/tag/v5.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.1.6/manifests"},{"name":"v6.1.4","sha":"040cd419177aac1c50b962e828cd967bad8a178f","kind":"tag","published_at":"2023-01-17T17:45:41.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.1.4","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.4/manifests"},{"name":"v6.1.3","sha":"9ddf1df5d987988378a9e557a26f96011d673b8a","kind":"tag","published_at":"2023-01-17T17:23:48.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.1.3","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.3/manifests"},{"name":"v4.2.2","sha":"465c25e349a3b85bf376e6241bf478a7742ca486","kind":"tag","published_at":"2023-01-17T15:08:54.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v4.2.2","html_url":"https://github.com/isaacs/minimatch/releases/tag/v4.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v4.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v4.2.2/manifests"},{"name":"v5.1.5","sha":"9556826e34e25112efab082ccf7db62de9343f5f","kind":"tag","published_at":"2023-01-17T15:03:54.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v5.1.5","html_url":"https://github.com/isaacs/minimatch/releases/tag/v5.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.1.5/manifests"},{"name":"v6.1.2","sha":"58c673594a360ff686732f032aa1211a4c09962a","kind":"tag","published_at":"2023-01-17T15:02:15.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.1.2","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.2/manifests"},{"name":"v6.1.1","sha":"c80b476c37644e5420e81a01433c00ae0d9ca4ee","kind":"tag","published_at":"2023-01-17T14:56:50.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.1.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.1/manifests"},{"name":"v6.1.0","sha":"0e7b19e667c0aac25271e3a55992fc3f8692d1cc","kind":"tag","published_at":"2023-01-17T07:10:49.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.1.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.1.0/manifests"},{"name":"v6.0.4","sha":"0f4727498887820a72bade310a2472b9e0f01e0f","kind":"tag","published_at":"2023-01-16T01:54:46.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.0.4","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.0.4/manifests"},{"name":"v6.0.3","sha":"6c0c46421bd0175b546cbfb819f4ce72bebdfbc1","kind":"tag","published_at":"2023-01-15T23:07:45.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.0.3","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.0.3/manifests"},{"name":"v6.0.2","sha":"de4052acda8476cc96f552ae3569e3639ef3ff27","kind":"tag","published_at":"2023-01-15T21:25:53.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.0.2","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.0.2/manifests"},{"name":"v6.0.1","sha":"8910265b5a1c368d519f63d5264cc743db95628c","kind":"tag","published_at":"2023-01-15T17:37:26.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.0.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.0.1/manifests"},{"name":"v6.0.0","sha":"31f61eeaa6c4493f81bf5eb0a146f23e538fdfd7","kind":"tag","published_at":"2023-01-14T21:06:47.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v6.0.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v6.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v6.0.0/manifests"},{"name":"v5.1.4","sha":"32db3abdc2ad66347b55d22b938bc19a2669a7e4","kind":"tag","published_at":"2023-01-14T19:08:42.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v5.1.4","html_url":"https://github.com/isaacs/minimatch/releases/tag/v5.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.1.4/manifests"},{"name":"v5.1.3","sha":"9b42a9c252502016f7a318a28e3bcf9f325893f6","kind":"tag","published_at":"2023-01-14T18:54:09.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v5.1.3","html_url":"https://github.com/isaacs/minimatch/releases/tag/v5.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.1.3/manifests"},{"name":"v5.1.2","sha":"baa35781c7b4a121543996eb9e89dba4d9e9953b","kind":"tag","published_at":"2022-12-20T15:11:53.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v5.1.2","html_url":"https://github.com/isaacs/minimatch/releases/tag/v5.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.1.2/manifests"},{"name":"v5.1.1","sha":"493a42f9412a7d46c0c977c51f8e202caf417269","kind":"tag","published_at":"2022-11-29T20:33:37.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v5.1.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v5.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.1.1/manifests"},{"name":"v5.1.0","sha":"6410ef32f59e4842121ca13eefacdf0b3da8533c","kind":"tag","published_at":"2022-05-16T16:12:51.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v5.1.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v5.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.1.0/manifests"},{"name":"v5.0.1","sha":"9f49616b782481f3bc352ca76db958b813f14fe8","kind":"tag","published_at":"2022-02-24T17:58:11.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v5.0.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v5.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.0.1/manifests"},{"name":"v3.0.8","sha":"782c264e9ff4b02b41923e827726e03c1bcaec28","kind":"tag","published_at":"2022-02-15T20:33:31.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v3.0.8","html_url":"https://github.com/isaacs/minimatch/releases/tag/v3.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.8/manifests"},{"name":"v3.1.2","sha":"699c459443a6bd98f5b28197978f76e7f71467ac","kind":"tag","published_at":"2022-02-15T20:32:34.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v3.1.2","html_url":"https://github.com/isaacs/minimatch/releases/tag/v3.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.1.2/manifests"},{"name":"v5.0.0","sha":"fc44f5f9123f534ecbf76af65558eb87d90f1028","kind":"tag","published_at":"2022-02-15T16:49:57.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v5.0.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v5.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v5.0.0/manifests"},{"name":"v4.2.1","sha":"048ada0f1f2c84718477050a25f5fb457e7fc75e","kind":"tag","published_at":"2022-02-15T16:35:22.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v4.2.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v4.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v4.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v4.2.1/manifests"},{"name":"v4.2.0","sha":"dd7aa958cf4cbf9e0609739f46b78777afeeeb49","kind":"tag","published_at":"2022-02-15T16:03:16.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v4.2.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v4.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v4.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v4.2.0/manifests"},{"name":"v4.1.1","sha":"9c7c4bcd9abe9d2de9139383d6f69fd50a0cd990","kind":"tag","published_at":"2022-02-13T04:22:09.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v4.1.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v4.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v4.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v4.1.1/manifests"},{"name":"v3.0.7","sha":"a6f52b0f9692e918e59bae84dabee02db97f96c8","kind":"tag","published_at":"2022-02-13T04:03:30.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v3.0.7","html_url":"https://github.com/isaacs/minimatch/releases/tag/v3.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.7/manifests"},{"name":"v3.1.1","sha":"25d7c0d09c47063c9b0d2ace17ef8e951d90eccc","kind":"tag","published_at":"2022-02-13T04:01:38.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v3.1.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.1.1/manifests"},{"name":"v3.1.0","sha":"5e1fb8dd2bb78c0ae22101b9229fac4c76ef039e","kind":"tag","published_at":"2022-02-13T01:03:20.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v3.1.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.1.0/manifests"},{"name":"v4.1.0","sha":"5d15c146e9af3cbded8e62b7b5bdf76a7189c58a","kind":"tag","published_at":"2022-02-13T00:58:43.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v4.1.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v4.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v4.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v4.1.0/manifests"},{"name":"v4.0.0","sha":"26d281dc585af91df47cb93844e227e0ee90b7ce","kind":"tag","published_at":"2022-02-13T00:37:32.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v4.0.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v4.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v4.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v4.0.0/manifests"},{"name":"v3.0.6","sha":"5b7cd3372be253759fb4d865eb3f38f189a5fcdf","kind":"tag","published_at":"2022-02-12T23:58:01.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v3.0.6","html_url":"https://github.com/isaacs/minimatch/releases/tag/v3.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.6/manifests"},{"name":"v3.0.5","sha":"707e1b231d5ddf5b00040bd04968a1a092992d1a","kind":"tag","published_at":"2022-02-06T20:27:45.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v3.0.5","html_url":"https://github.com/isaacs/minimatch/releases/tag/v3.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.5/manifests"},{"name":"v3.0.4","sha":"e46989a323d5f0aa4781eff5e2e6e7aafa223321","kind":"tag","published_at":"2017-05-07T18:11:03.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v3.0.4","html_url":"https://github.com/isaacs/minimatch/releases/tag/v3.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.4/manifests"},{"name":"v3.0.3","sha":"eed89491bd4a4e6bc463aac0dfb5c29ef0d1dc13","kind":"tag","published_at":"2016-08-08T17:45:14.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v3.0.3","html_url":"https://github.com/isaacs/minimatch/releases/tag/v3.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.3/manifests"},{"name":"v3.0.2","sha":"81edb7c763abd31ba981c87ec5e835f178786be0","kind":"tag","published_at":"2016-06-17T20:12:51.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v3.0.2","html_url":"https://github.com/isaacs/minimatch/releases/tag/v3.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.2/manifests"},{"name":"v3.0.1","sha":"8ac560e212d1b19b1b78685521ccc67a28d366e6","kind":"tag","published_at":"2016-02-20T22:11:15.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v3.0.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v3.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.1/manifests"},{"name":"v3.0.0","sha":"270dbea567f0af6918cb18103e98c612aa717a20","kind":"tag","published_at":"2015-09-27T18:18:44.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v3.0.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v3.0.0/manifests"},{"name":"v2.0.10","sha":"6afb85f0c324b321f76a38df81891e562693e257","kind":"tag","published_at":"2015-07-23T01:51:30.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v2.0.10","html_url":"https://github.com/isaacs/minimatch/releases/tag/v2.0.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.10/manifests"},{"name":"v2.0.9","sha":"5adde897f3865210dfa659beceff8617ee828197","kind":"tag","published_at":"2015-07-18T23:03:10.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v2.0.9","html_url":"https://github.com/isaacs/minimatch/releases/tag/v2.0.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.9/manifests"},{"name":"v2.0.8","sha":"0bc7d9c4b2bc816502184862b45bd090de3406a3","kind":"tag","published_at":"2015-05-19T01:37:48.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v2.0.8","html_url":"https://github.com/isaacs/minimatch/releases/tag/v2.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.8/manifests"},{"name":"v2.0.7","sha":"4bd6dc22c248c7ea07cc49d63181fe6f6aafae9c","kind":"tag","published_at":"2015-04-29T15:43:52.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v2.0.7","html_url":"https://github.com/isaacs/minimatch/releases/tag/v2.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.7/manifests"},{"name":"v2.0.6","sha":"24d9260047c46e95418407b4a4b0078e11f658fc","kind":"tag","published_at":"2015-04-29T15:25:26.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v2.0.6","html_url":"https://github.com/isaacs/minimatch/releases/tag/v2.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.6/manifests"},{"name":"v2.0.5","sha":"11ffd7674dc8a76eb6ddceda6e1bf8863d2be63d","kind":"tag","published_at":"2015-04-29T14:37:16.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v2.0.5","html_url":"https://github.com/isaacs/minimatch/releases/tag/v2.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.5/manifests"},{"name":"v2.0.4","sha":"c75d17c23df3b6050338ee654a58490255b36ebc","kind":"tag","published_at":"2015-03-12T17:34:36.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v2.0.4","html_url":"https://github.com/isaacs/minimatch/releases/tag/v2.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.4/manifests"},{"name":"v2.0.3","sha":"85c028654ca35b0a5ae3bc83b830785d58c3710c","kind":"tag","published_at":"2015-03-10T02:03:04.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v2.0.3","html_url":"https://github.com/isaacs/minimatch/releases/tag/v2.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.3/manifests"},{"name":"v2.0.2","sha":"df6467ae94d679dbf6cf1d4e888588c2b55f1981","kind":"tag","published_at":"2015-03-10T00:34:23.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v2.0.2","html_url":"https://github.com/isaacs/minimatch/releases/tag/v2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.2/manifests"},{"name":"v2.0.1","sha":"eac219d8f665c8043fda9a1cd34eab9b006fae01","kind":"tag","published_at":"2014-12-01T16:29:30.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v2.0.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.1/manifests"},{"name":"v2.0.0","sha":"105482161fc08437a84d4b51a69a5e3be6dd23bd","kind":"tag","published_at":"2014-12-01T02:10:58.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v2.0.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.0/manifests"},{"name":"v2.0.0-0","sha":"936c5f4e0bcd0301027f2588382db580073b7dcb","kind":"tag","published_at":"2014-12-01T01:19:26.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v2.0.0-0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v2.0.0-0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.0-0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v2.0.0-0/manifests"},{"name":"v1.0.0","sha":"b374a643976eb55cdc19c60b6dd51ebe9bcc607a","kind":"tag","published_at":"2014-07-28T21:30:21.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v1.0.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v1.0.0/manifests"},{"name":"v0.4.0","sha":"56dc703f56c3678a3fad47ae67c92050d1689656","kind":"tag","published_at":"2014-07-11T23:25:28.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v0.4.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v0.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.4.0/manifests"},{"name":"v0.3.0","sha":"8970f0f8e07f7cd2f20b09c1c9340f4ffbed573c","kind":"tag","published_at":"2014-05-13T00:47:12.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v0.3.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/v0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.3.0/manifests"},{"name":"v0.2.14","sha":"72845fa0454d03adf2bb551af35c36835878ff34","kind":"tag","published_at":"2013-12-16T19:50:24.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v0.2.14","html_url":"https://github.com/isaacs/minimatch/releases/tag/v0.2.14","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.14/manifests"},{"name":"v0.2.13","sha":"45e3087bbb65a837bdb4bc606dd92981a95fb1a9","kind":"tag","published_at":"2013-12-16T06:01:48.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v0.2.13","html_url":"https://github.com/isaacs/minimatch/releases/tag/v0.2.13","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.13/manifests"},{"name":"v0.2.12","sha":"71fa5c3a4c96f67a83df736e3524c81fb9d3cb9c","kind":"tag","published_at":"2013-04-12T19:28:26.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v0.2.12","html_url":"https://github.com/isaacs/minimatch/releases/tag/v0.2.12","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.12/manifests"},{"name":"v0.2.11","sha":"1059ad332fad01d8863464d4c96ac13549467d35","kind":"tag","published_at":"2013-02-25T16:22:46.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v0.2.11","html_url":"https://github.com/isaacs/minimatch/releases/tag/v0.2.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.11/manifests"},{"name":"v0.2.10","sha":"3daca8ea31c188e7012ec1a09e67e6af287bb3b8","kind":"tag","published_at":"2013-02-25T16:21:24.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v0.2.10","html_url":"https://github.com/isaacs/minimatch/releases/tag/v0.2.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.10/manifests"},{"name":"v0.2.9","sha":"172c1bc23e74f6aa884713e69970fec9d21d4e18","kind":"tag","published_at":"2012-10-25T15:33:59.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v0.2.9","html_url":"https://github.com/isaacs/minimatch/releases/tag/v0.2.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.9/manifests"},{"name":"v0.2.8","sha":"e9cdc37c57e3c13016405a9fc3e658e0c2258ec1","kind":"tag","published_at":"2012-10-25T15:23:21.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v0.2.8","html_url":"https://github.com/isaacs/minimatch/releases/tag/v0.2.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.8/manifests"},{"name":"v0.2.7","sha":"e27848f5ce52aa493e04854b491bdeeb65345b3a","kind":"tag","published_at":"2012-10-04T03:49:20.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v0.2.7","html_url":"https://github.com/isaacs/minimatch/releases/tag/v0.2.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.7/manifests"},{"name":"v0.2.6","sha":"1a439a1f0dd22091b46466b297d5251a01514f24","kind":"tag","published_at":"2012-08-13T16:41:56.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v0.2.6","html_url":"https://github.com/isaacs/minimatch/releases/tag/v0.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.2.6/manifests"},{"name":"0.2.5","sha":"c42a226d051f54d31520909089a6f9d91915b16d","kind":"tag","published_at":"2012-06-04T20:57:20.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.2.5","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.2.5/manifests"},{"name":"0.2.4","sha":"d58dc75cbc97eb8492ada9029f747c46081fb92e","kind":"tag","published_at":"2012-03-29T01:44:47.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.2.4","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.2.4/manifests"},{"name":"0.2.3","sha":"6840ac7c7f83da9a111859387c3b7efb4de2e99f","kind":"tag","published_at":"2012-03-29T01:37:50.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.2.3","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.2.3/manifests"},{"name":"0.2.2","sha":"a7d993d0ce9a143938e2218fb82c63d0f96e670d","kind":"tag","published_at":"2012-03-22T05:21:56.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.2.2","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.2.2/manifests"},{"name":"0.2.1","sha":"2e9886579c5ea85e5b6f13d7b692c72bc2badad9","kind":"tag","published_at":"2012-02-22T11:48:30.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.2.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.2.1/manifests"},{"name":"0.2.0","sha":"d1484f1873c6a33bf45f97f7e420de4c0433ba20","kind":"tag","published_at":"2012-02-22T11:04:38.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.2.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.2.0/manifests"},{"name":"0.1.6","sha":"6dddcd0da9b8ceb72525fdc8573f12262259d66c","kind":"tag","published_at":"2012-02-22T08:28:18.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.1.6","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.1.6/manifests"},{"name":"0.1.5","sha":"d046c3df40123a6a8ef1b0838c2e92d0b381c83b","kind":"tag","published_at":"2012-02-04T19:32:16.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.1.5","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.1.5/manifests"},{"name":"0.1.4","sha":"237859a6b6e700e3d9f45e1772711a8f07ce8df2","kind":"tag","published_at":"2012-01-19T00:13:55.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.1.4","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.1.4/manifests"},{"name":"0.1.3","sha":"d3d8527d5583242c2ef1ea8e40001372f8da9015","kind":"tag","published_at":"2012-01-04T09:06:18.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.1.3","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.1.3/manifests"},{"name":"0.1.2","sha":"85982383b14c4c017b12a5aa97ab7c0cbc456b84","kind":"tag","published_at":"2012-01-04T02:28:24.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.1.2","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.1.2/manifests"},{"name":"0.1.1","sha":"aba5dae7a13189063df041619c0d07fbb66afb8f","kind":"tag","published_at":"2011-12-31T02:22:08.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.1.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.1.1/manifests"},{"name":"0.1.0","sha":"ee07ab6770207e0b55063543f2179f18392f80ad","kind":"tag","published_at":"2011-12-22T07:06:19.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.1.0","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.1.0/manifests"},{"name":"0.0.5","sha":"74930846c80bbc0413a7aa1d2718248831cbdc27","kind":"tag","published_at":"2011-12-14T02:31:55.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.0.5","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.0.5/manifests"},{"name":"0.0.4","sha":"6e8c1c666a08a7d33bbc9c0d4027b213e628ab88","kind":"tag","published_at":"2011-07-29T19:12:52.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/0.0.4","html_url":"https://github.com/isaacs/minimatch/releases/tag/0.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/0.0.4/manifests"},{"name":"v0.0.1","sha":"7695dd6fbf0604566369d54a2a44f54e503c0dc8","kind":"tag","published_at":"2011-07-16T08:31:33.000Z","download_url":"https://codeload.github.com/isaacs/minimatch/tar.gz/v0.0.1","html_url":"https://github.com/isaacs/minimatch/releases/tag/v0.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isaacs%2Fminimatch/tags/v0.0.1/manifests"}]},"repo_metadata_updated_at":"2025-06-06T00:29:29.216Z","dependent_packages_count":9743,"downloads":1223937395,"downloads_period":"last-month","dependent_repos_count":2198462,"rankings":{"downloads":0.000383317580806084,"dependent_repos_count":0.012594720512199904,"dependent_packages_count":0.00993887727375775,"stargazers_count":1.569356935474509,"forks_count":1.943803452267652,"docker_downloads_count":0.0002464184448039112,"average":0.5893872869256215},"purl":"pkg:npm/minimatch","advisories":[{"uuid":"GSA_kwCzR0hTQS1mOHE2LXA5NHgtMzd2M84AAvaI","url":"https://github.com/advisories/GHSA-f8q6-p94x-37v3","title":"minimatch ReDoS vulnerability","description":"A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-10-18T12:00:32.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2022-3517","https://github.com/grafana/grafana-image-renderer/issues/329","https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6","https://github.com/nodejs/node/issues/42510","https://lists.debian.org/debian-lts-announce/2023/01/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK","https://github.com/advisories/GHSA-f8q6-p94x-37v3"],"source_kind":"github","identifiers":["GHSA-f8q6-p94x-37v3","CVE-2022-3517"],"repository_url":"https://github.com/grafana/grafana-image-renderer","blast_radius":47.56589222491946,"packages":[{"versions":[{"first_patched_version":"3.0.5","vulnerable_version_range":"\u003c 3.0.5"}],"ecosystem":"npm","package_name":"minimatch"}],"created_at":"2022-12-21T16:11:54.922Z","updated_at":"2024-02-14T18:15:17.000Z","epss_percentage":0.00457,"epss_percentile":0.58055},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bTItcjM0Zi1xbWM1","url":"https://github.com/advisories/GHSA-hxm2-r34f-qmc5","title":"Regular Expression Denial of Service in minimatch","description":"Affected versions of `minimatch` are vulnerable to regular expression denial of service attacks when user input is passed into the `pattern` argument of `minimatch(path, pattern)`.\n\n\n## Proof of Concept\n```js\nvar minimatch = require(“minimatch”);\n\n// utility function for generating long strings\nvar genstr = function (len, chr) {\n  var result = “”;\n  for (i=0; i\u003c=len; i++) {\n    result = result + chr;\n  }\n  return result;\n}\n\nvar exploit = “[!” + genstr(1000000, “\\\\”) + “A”;\n\n// minimatch exploit.\nconsole.log(“starting minimatch”);\nminimatch(“foo”, exploit);\nconsole.log(“finishing minimatch”);\n```\n\n\n## Recommendation\n\nUpdate to version 3.0.2 or later.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2018-10-09T00:40:41.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-10540","https://github.com/advisories/GHSA-hxm2-r34f-qmc5","https://www.npmjs.com/advisories/118"],"source_kind":"github","identifiers":["GHSA-hxm2-r34f-qmc5","CVE-2016-10540"],"repository_url":null,"blast_radius":47.56589222491946,"packages":[{"versions":[{"first_patched_version":"3.0.2","vulnerable_version_range":"\u003c 3.0.2"}],"ecosystem":"npm","package_name":"minimatch"}],"created_at":"2022-12-21T16:13:35.953Z","updated_at":"2025-03-25T01:11:34.045Z","epss_percentage":0.00435,"epss_percentile":0.60124}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/minimatch","docker_dependents_count":71344,"docker_downloads_count":19652300798,"usage_url":"https://repos.ecosyste.ms/usage/npm/minimatch","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/minimatch/dependencies","status":null,"funding_links":["https://github.com/sponsors/isaacs"],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/minimatch/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/minimatch/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/minimatch/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/minimatch/related_packages","maintainers":[{"uuid":"isaacs","login":"isaacs","name":null,"email":"i@izs.me","url":null,"packages_count":488,"html_url":"https://www.npmjs.com/~isaacs","role":null,"created_at":"2022-11-10T11:48:07.489Z","updated_at":"2022-11-10T11:48:07.489Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/isaacs/packages"}],"registry":{"name":"npmjs.org","url":"https://registry.npmjs.org","ecosystem":"npm","default":true,"packages_count":5005319,"maintainers_count":1012639,"namespaces_count":295318,"keywords_count":699769,"github":"npm","metadata":{"funded_packages_count":150180},"icon_url":"https://github.com/npm.png","created_at":"2022-04-04T15:19:23.081Z","updated_at":"2025-06-05T05:52:15.849Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/namespaces"}},"unique_repositories_count":16336,"unique_repositories_count_past_30_days":570,"recent_issues":[{"uuid":"4559914337","node_id":"PR_kwDOShUDyc7hMyRo","number":3,"state":"open","title":"chore(deps): bump the production-dependencies group across 1 directory with 24 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T02:36:06.000Z","updated_at":"2026-06-01T02:37:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"production-dependencies","update_count":24,"packages":[{"name":"@clack/prompts","old_version":"0.11.0","new_version":"1.5.0","repository_url":"https://github.com/bombshell-dev/clack"},{"name":"@floating-ui/dom","old_version":"1.7.4","new_version":"1.7.6","repository_url":"https://github.com/floating-ui/floating-ui"},{"name":"esbuild-sass-plugin","old_version":"3.6.0","new_version":"3.7.0","repository_url":"https://github.com/glromeo/esbuild-sass-plugin"},{"name":"flexsearch","old_version":"0.8.205","new_version":"0.8.212","repository_url":"https://github.com/nextapps-de/flexsearch"},{"name":"globby","old_version":"16.1.0","new_version":"16.2.0","repository_url":"https://github.com/sindresorhus/globby"},{"name":"js-yaml","old_version":"4.1.1","new_version":"4.2.0","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"lightningcss","old_version":"1.31.1","new_version":"1.32.0","repository_url":"https://github.com/parcel-bundler/lightningcss"},{"name":"minimatch","old_version":"10.1.1","new_version":"10.2.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"pixi.js","old_version":"8.15.0","new_version":"8.18.1","repository_url":"https://github.com/pixijs/pixijs"},{"name":"preact","old_version":"10.28.2","new_version":"10.29.2","repository_url":"https://github.com/preactjs/preact"},{"name":"preact-render-to-string","old_version":"6.6.5","new_version":"6.7.0","repository_url":"https://github.com/preactjs/preact-render-to-string"},{"name":"rehype-citation","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/timlrx/rehype-citation"},{"name":"rehype-pretty-code","old_version":"0.14.1","new_version":"0.14.3","repository_url":"https://github.com/rehype-pretty/rehype-pretty-code"},{"name":"satori","old_version":"0.19.1","new_version":"0.26.0","repository_url":"https://github.com/vercel/satori"},{"name":"serve-handler","old_version":"6.1.6","new_version":"6.1.7","repository_url":"https://github.com/vercel/serve-handler"},{"name":"shiki","old_version":"1.26.2","new_version":"4.1.0","repository_url":"https://github.com/shikijs/shiki"},{"name":"toml","old_version":"3.0.0","new_version":"4.1.1","repository_url":"https://github.com/BinaryMuse/toml-node"},{"name":"workerpool","old_version":"10.0.1","new_version":"10.0.2","repository_url":"https://github.com/josdejong/workerpool"},{"name":"ws","old_version":"8.19.0","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"@types/node","old_version":"25.0.10","new_version":"25.9.1","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"prettier","old_version":"3.8.1","new_version":"3.8.3","repository_url":"https://github.com/prettier/prettier"},{"name":"tsx","old_version":"4.21.0","new_version":"4.22.4","repository_url":"https://github.com/privatenumber/tsx"},{"name":"typescript","old_version":"5.9.3","new_version":"6.0.3","repository_url":"https://github.com/microsoft/TypeScript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the production-dependencies group with 23 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@clack/prompts](https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts) | `0.11.0` | `1.5.0` |\n| [@floating-ui/dom](https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom) | `1.7.4` | `1.7.6` |\n| [esbuild-sass-plugin](https://github.com/glromeo/esbuild-sass-plugin) | `3.6.0` | `3.7.0` |\n| [flexsearch](https://github.com/nextapps-de/flexsearch) | `0.8.205` | `0.8.212` |\n| [globby](https://github.com/sindresorhus/globby) | `16.1.0` | `16.2.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.2.0` |\n| [lightningcss](https://github.com/parcel-bundler/lightningcss) | `1.31.1` | `1.32.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `10.1.1` | `10.2.5` |\n| [pixi.js](https://github.com/pixijs/pixijs) | `8.15.0` | `8.18.1` |\n| [preact](https://github.com/preactjs/preact) | `10.28.2` | `10.29.2` |\n| [preact-render-to-string](https://github.com/preactjs/preact-render-to-string) | `6.6.5` | `6.7.0` |\n| [rehype-citation](https://github.com/timlrx/rehype-citation) | `2.3.1` | `2.3.2` |\n| [rehype-pretty-code](https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core) | `0.14.1` | `0.14.3` |\n| [satori](https://github.com/vercel/satori) | `0.19.1` | `0.26.0` |\n| [serve-handler](https://github.com/vercel/serve-handler) | `6.1.6` | `6.1.7` |\n| [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) | `1.26.2` | `4.1.0` |\n| [toml](https://github.com/BinaryMuse/toml-node) | `3.0.0` | `4.1.1` |\n| [workerpool](https://github.com/josdejong/workerpool) | `10.0.1` | `10.0.2` |\n| [ws](https://github.com/websockets/ws) | `8.19.0` | `8.21.0` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.0.10` | `25.9.1` |\n| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` |\n| [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.4` |\n| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |\n\n\nUpdates `@clack/prompts` from 0.11.0 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bombshell-dev/clack/releases\"\u003e@​clack/prompts's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​clack/prompts\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/543\"\u003e#543\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/florian-lefebvre\"\u003e\u003ccode\u003e@​florian-lefebvre\u003c/code\u003e\u003c/a\u003e! - Adds support for Standard Schema validation\u003c/p\u003e\n\u003cp\u003ePrompts accept an optional \u003ccode\u003evalidate()\u003c/code\u003e function to validate user input. While a function provides more flexibility and customization over your validation, it can be a bit verbose. To help solve this, there are libraries that provide schema-based validation to make shorthand and type-strict validation substantially easier.\u003c/p\u003e\n\u003cp\u003eLibraries following the \u003ca href=\"https://github.com/standard-schema/standard-schema\"\u003eStandard Schema specification\u003c/a\u003e are now natively supported. For example, using \u003ca href=\"https://arktype.io/\"\u003eArktype\u003c/a\u003e:\u003c/p\u003e\n\u003cpre lang=\"diff\"\u003e\u003ccode\u003eimport { text } from '@clack/prompts';\nimport { type } from 'arktype';\n\u003cp\u003econst name = await text({\nmessage: 'Enter your email',\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003evalidate: type('string.email').describe('Invalid email'),\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/542\"\u003e#542\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a\"\u003e\u003ccode\u003eadb6af9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003ebox\u003c/code\u003e, \u003ccode\u003egroup\u003c/code\u003e, and \u003ccode\u003egroup-multi-select\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/534\"\u003e#534\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/MattStypa\"\u003e\u003ccode\u003e@​MattStypa\u003c/code\u003e\u003c/a\u003e! - Fixed spaces and uppercase characters in multiline prompt\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/540\"\u003e#540\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad\"\u003e\u003ccode\u003e3170ed9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003eautocomplete\u003c/code\u003e, \u003ccode\u003econfirm\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e prompts\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​clack/prompts\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e284677e: Support scrolling and \u003ccode\u003emaxItems\u003c/code\u003e option for \u003ccode\u003egroupMultiselect\u003c/code\u003e, and removes indent when \u003ccode\u003ewithGuide\u003c/code\u003e is set to \u003ccode\u003efalse\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eaab46a2: docs: add jsdoc for \u003ccode\u003etext\u003c/code\u003e, \u003ccode\u003epassword\u003c/code\u003e, and \u003ccode\u003emultiline\u003c/code\u003e prompts\u003c/li\u003e\n\u003cli\u003e54be8d7: Fix line wrapping and overflow computation in group multi-select and other list-like prompts.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [54be8d7]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​clack/prompts\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eea5702e: fix: add engines field expressing node \u0026gt;=20.12 requirement\u003c/li\u003e\n\u003cli\u003e814ab9a: Add new multiline prompt for multi-line text input.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bombshell-dev/clack/blob/main/packages/prompts/CHANGELOG.md\"\u003e@​clack/prompts's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/543\"\u003e#543\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/florian-lefebvre\"\u003e\u003ccode\u003e@​florian-lefebvre\u003c/code\u003e\u003c/a\u003e! - Adds support for Standard Schema validation\u003c/p\u003e\n\u003cp\u003ePrompts accept an optional \u003ccode\u003evalidate()\u003c/code\u003e function to validate user input. While a function provides more flexibility and customization over your validation, it can be a bit verbose. To help solve this, there are libraries that provide schema-based validation to make shorthand and type-strict validation substantially easier.\u003c/p\u003e\n\u003cp\u003eLibraries following the \u003ca href=\"https://github.com/standard-schema/standard-schema\"\u003eStandard Schema specification\u003c/a\u003e are now natively supported. For example, using \u003ca href=\"https://arktype.io/\"\u003eArktype\u003c/a\u003e:\u003c/p\u003e\n\u003cpre lang=\"diff\"\u003e\u003ccode\u003eimport { text } from '@clack/prompts';\nimport { type } from 'arktype';\n\u003cp\u003econst name = await text({\nmessage: 'Enter your email',\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003evalidate: type('string.email').describe('Invalid email'),\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/542\"\u003e#542\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a\"\u003e\u003ccode\u003eadb6af9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003ebox\u003c/code\u003e, \u003ccode\u003egroup\u003c/code\u003e, and \u003ccode\u003egroup-multi-select\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/534\"\u003e#534\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/MattStypa\"\u003e\u003ccode\u003e@​MattStypa\u003c/code\u003e\u003c/a\u003e! - Fixed spaces and uppercase characters in multiline prompt\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/540\"\u003e#540\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad\"\u003e\u003ccode\u003e3170ed9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003eautocomplete\u003c/code\u003e, \u003ccode\u003econfirm\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e prompts\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.4.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e284677e: Support scrolling and \u003ccode\u003emaxItems\u003c/code\u003e option for \u003ccode\u003egroupMultiselect\u003c/code\u003e, and removes indent when \u003ccode\u003ewithGuide\u003c/code\u003e is set to \u003ccode\u003efalse\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eaab46a2: docs: add jsdoc for \u003ccode\u003etext\u003c/code\u003e, \u003ccode\u003epassword\u003c/code\u003e, and \u003ccode\u003emultiline\u003c/code\u003e prompts\u003c/li\u003e\n\u003cli\u003e54be8d7: Fix line wrapping and overflow computation in group multi-select and other list-like prompts.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [54be8d7]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.3.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eea5702e: fix: add engines field expressing node \u0026gt;=20.12 requirement\u003c/li\u003e\n\u003cli\u003e814ab9a: Add new multiline prompt for multi-line text input.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/030ba4d776e5985050c0e2712da7008bd93b8847\"\u003e\u003ccode\u003e030ba4d\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/539\"\u003e#539\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e feat: standard schema for validation (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a\"\u003e\u003ccode\u003eadb6af9\u003c/code\u003e\u003c/a\u003e docs: add jsdoc for \u003ccode\u003ebox\u003c/code\u003e, \u003ccode\u003egroup\u003c/code\u003e, and \u003ccode\u003egroup-multi-select\u003c/code\u003e (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/542\"\u003e#542\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad\"\u003e\u003ccode\u003e3170ed9\u003c/code\u003e\u003c/a\u003e docs: add jsdoc for \u003ccode\u003eautocomplete\u003c/code\u003e, \u003ccode\u003econfirm\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e prompts (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/540\"\u003e#540\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e fix: spaces and uppercase characters in multiline input (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/534\"\u003e#534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/fe2bcd278635fc0aaf2482ed0aea82d57ae1c421\"\u003e\u003ccode\u003efe2bcd2\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/aab46a2a7ed85627743bdbf0da30acc8b2ace385\"\u003e\u003ccode\u003eaab46a2\u003c/code\u003e\u003c/a\u003e docs: add jsdoc for \u003ccode\u003etext\u003c/code\u003e, \u003ccode\u003epassword\u003c/code\u003e, and \u003ccode\u003emultiline\u003c/code\u003e prompts (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/523\"\u003e#523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/54be8d7a75c952b2157e94a78f70d40fa2d5321e\"\u003e\u003ccode\u003e54be8d7\u003c/code\u003e\u003c/a\u003e fix: trim lines from correct end (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/532\"\u003e#532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/284677eaae0c461dafccfe1eb3e8c32fcebd6bbf\"\u003e\u003ccode\u003e284677e\u003c/code\u003e\u003c/a\u003e feat(prompts): support maxItems in groupMultiselect (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/528\"\u003e#528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/05bfd4353592016cf3f4c941f663fab84c14edb2\"\u003e\u003ccode\u003e05bfd43\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bombshell-dev/clack/commits/@clack/prompts@1.5.0/packages/prompts\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​clack/prompts\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@floating-ui/dom` from 1.7.4 to 1.7.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/floating-ui/floating-ui/releases\"\u003e@​floating-ui/dom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​floating-ui/dom\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.7.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(types): ensure \u003ccode\u003ePlatform\u003c/code\u003e type contains \u003ccode\u003edetectOverflow\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003eperf: bundle and runtime improvements\u003c/li\u003e\n\u003cli\u003efeat(autoUpdate): allow not passing a floating element\u003c/li\u003e\n\u003cli\u003eUpdate dependencies: \u003ccode\u003e@floating-ui/utils@0.2.11\u003c/code\u003e, \u003ccode\u003e@floating-ui/core@1.7.5\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/floating-ui/floating-ui/blob/master/packages/dom/CHANGELOG.md\"\u003e@​floating-ui/dom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.7.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(types): ensure \u003ccode\u003ePlatform\u003c/code\u003e type contains \u003ccode\u003edetectOverflow\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003eperf: bundle and runtime improvements\u003c/li\u003e\n\u003cli\u003efeat(autoUpdate): allow not passing a floating element\u003c/li\u003e\n\u003cli\u003eUpdate dependencies: \u003ccode\u003e@floating-ui/utils@0.2.11\u003c/code\u003e, \u003ccode\u003e@floating-ui/core@1.7.5\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.7.5\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate dependencies: \u003ccode\u003e@floating-ui/core@1.7.4\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/d8020ee98c702caa31fa9b4d929ca782c6b58c59\"\u003e\u003ccode\u003ed8020ee\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3445\"\u003e#3445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/6e63557c89af9b92f50635cdc993a4b7bbcd9345\"\u003e\u003ccode\u003e6e63557\u003c/code\u003e\u003c/a\u003e feat(autoUpdate): allow not passing a floating element (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3399\"\u003e#3399\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/473aa1e2ff22594ed782842d2d9e816a982188cc\"\u003e\u003ccode\u003e473aa1e\u003c/code\u003e\u003c/a\u003e perf: bundle and runtime improvements (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3448\"\u003e#3448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/a82e45f175bb1a518d3934d747c1b767f558d171\"\u003e\u003ccode\u003ea82e45f\u003c/code\u003e\u003c/a\u003e fix(utils): stop treating \u003ccode\u003econtainer-type\u003c/code\u003e as creating containing block (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3437\"\u003e#3437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/eedda374962cc3fd6c5add6b6cd54b0bea9baa60\"\u003e\u003ccode\u003eeedda37\u003c/code\u003e\u003c/a\u003e fix(types): ensure \u003ccode\u003ePlatform\u003c/code\u003e type includes \u003ccode\u003edetectOverflow\u003c/code\u003e type (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/b4d1407cbda07ef13bcac24ee0b3ac67216c9c57\"\u003e\u003ccode\u003eb4d1407\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3415\"\u003e#3415\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/floating-ui/floating-ui/commits/@floating-ui/dom@1.7.6/packages/dom\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​floating-ui/dom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild-sass-plugin` from 3.6.0 to 3.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/glromeo/esbuild-sass-plugin/releases\"\u003eesbuild-sass-plugin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.7.0 Hasta la vista\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/glromeo/esbuild-sass-plugin/commits/v3.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flexsearch` from 0.8.205 to 0.8.212\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nextapps-de/flexsearch/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `globby` from 16.1.0 to 16.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/globby/releases\"\u003eglobby's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/sindresorhus/globby?tab=readme-ov-file#globalgitignore\"\u003e\u003ccode\u003eglobalGitignore\u003c/code\u003e\u003c/a\u003e option  51555b2\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/globby/compare/v16.1.1...v16.2.0\"\u003ehttps://github.com/sindresorhus/globby/compare/v16.1.1...v16.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev16.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix negation patterns with absolute filesystem paths  72e9916\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/globby/compare/v16.1.0...v16.1.1\"\u003ehttps://github.com/sindresorhus/globby/compare/v16.1.0...v16.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/60e816778abd4fc805d8ce2e981567759b035504\"\u003e\u003ccode\u003e60e8167\u003c/code\u003e\u003c/a\u003e 16.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/51555b26d780002f2fe7b2aaddc45f36d8ad339d\"\u003e\u003ccode\u003e51555b2\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eglobalGitignore\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/8d946e288354c8ed87e7848e8a9f684c4b840f28\"\u003e\u003ccode\u003e8d946e2\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/ff45aa5140eaf6c9e6637fdbfa19ec23d55bd388\"\u003e\u003ccode\u003eff45aa5\u003c/code\u003e\u003c/a\u003e 16.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/72e991615df2da0ff3c12980ddfcdc60e4848f6f\"\u003e\u003ccode\u003e72e9916\u003c/code\u003e\u003c/a\u003e Fix negation patterns with absolute filesystem paths\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sindresorhus/globby/compare/v16.1.0...v16.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 4.1.1 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.2.0] - 2026-06-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003edocs/safety.md\u003c/code\u003e with notes about processing untrusted YAML.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003emaxDepth\u003c/code\u003e (100) loader option. Not a problem, but gives a better\nexception instead of RangeError on stack overflow.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003emaxMergeSeqLength\u003c/code\u003e (20) loader option. Not a problem after \u003ccode\u003emerge\u003c/code\u003e fix,\nbut an additional restriction for safety.\u003c/li\u003e\n\u003cli\u003eAdded sourcemaps to \u003ccode\u003edist/\u003c/code\u003e builds.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStop resolving numbers with underscores as numeric scalars, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/627\"\u003e#627\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSwitched dev toolchains to Vite / neostandard.\u003c/li\u003e\n\u003cli\u003eUpdated demo.\u003c/li\u003e\n\u003cli\u003eReorganized tests.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edist/\u003c/code\u003e files are no longer kept in the repository.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of properties on the first implicit block mapping key, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/62\"\u003e#62\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix trailing whitespace handling when folding flow scalar lines, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/307\"\u003e#307\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReject top-level block scalars without content indentation, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/280\"\u003e#280\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnsure numbers survive round-trip, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/737\"\u003e#737\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix test coverage for issue \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/221\"\u003e#221\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix flow scalar trailing whitespace folding, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/307\"\u003e#307\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix digits in YAML named tag handles.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential DoS via quadratic complexity in merge - deduplicate repeated\nelements (makes sense for malformed files \u0026gt; 10K).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lightningcss` from 1.31.1 to 1.32.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/parcel-bundler/lightningcss/releases\"\u003elightningcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.32.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/880\"\u003eEnable custom resolvers to mark imports as external\u003c/a\u003e. Resolvers may now return \u003ccode\u003e{external: string}\u003c/code\u003e to mark an import as external. This will leave the \u003ccode\u003e@import\u003c/code\u003e in the output CSS instead of bundling it. See \u003ca href=\"https://lightningcss.dev/bundling.html#custom-resolvers\"\u003ethe docs\u003c/a\u003e for details.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1170\"\u003eAllow visitors to add dependencies\u003c/a\u003e. Visitors may now be functions which receive an \u003ccode\u003eaddDependency\u003c/code\u003e function as an option. Dependencies may be used by tools that call Lightning CSS such as bundlers to implement file watching or caching. See \u003ca href=\"https://lightningcss.dev/transforms.html#dependencies\"\u003ethe docs\u003c/a\u003e for details.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1148\"\u003eAdd \u003ccode\u003emix-blend-mode\u003c/code\u003e property support\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1152\"\u003eOutput unknown \u003ccode\u003ecolor-scheme\u003c/code\u003e keywords as-is instead of \u003ccode\u003enormal\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1147\"\u003eImproved serialization of the rotate property\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1145\"\u003ekeep a single space between functions when formatting \u003ccode\u003etransform\u003c/code\u003e values\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1142\"\u003eFix additionally inserted whitespace in \u003ccode\u003evar(--foo,)\u003c/code\u003e and \u003ccode\u003eenv(--foo,)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1174\"\u003eConvert the percentage in the \u003ccode\u003escale\u003c/code\u003e property or \u003ccode\u003escale()\u003c/code\u003e to a number\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/parcel-bundler/lightningcss/commit/836741b5ecc4ae70289b2a26ce265df6c8486357\"\u003eupdate compat data\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/parcel-bundler/lightningcss/commits/v1.32.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 10.1.1 to 10.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/minimatch/blob/main/changelog.md\"\u003eminimatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003echange log\u003c/h1\u003e\n\u003ch2\u003e10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ebraceExpandMax\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003emagicalBraces\u003c/code\u003e option for \u003ccode\u003eescape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when \u003ccode\u003epartial: true\u003c/code\u003e is set.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when pattern ends in a final \u003ccode\u003e**\u003c/code\u003e path part.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire node 20 or 22 and higher\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo default export, only named exports.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRecursive descent parser for extglob, allowing correct support\nfor arbitrarily nested extglob expressions\u003c/li\u003e\n\u003cli\u003eBump required Node.js version\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eunescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eMinimatch.hasMagic()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for posix character classes in a unicode-aware way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ewindowsNoMagicRoot\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eoptimizationLevel\u003c/code\u003e configuration option, and revert the\ndefault back to the 6.2 style minimal optimizations, making the\nadvanced transforms introduced in 7.0 opt-in. Also, process\nprovided file paths in the same way in optimizationLevel:2\nmode, so \u003cem\u003emost\u003c/em\u003e things that matched with optimizationLevel 1 or\n0 \u003cem\u003eshould\u003c/em\u003e match with level 2 as well. However, level 1 is the\ndefault, out of an abundance of caution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/693c82377d0948401be4c6d3220c9a74132ab112\"\u003e\u003ccode\u003e693c823\u003c/code\u003e\u003c/a\u003e 10.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7953af1fac53267c05e362f036b70de898318faa\"\u003e\u003ccode\u003e7953af1\u003c/code\u003e\u003c/a\u003e do not allow .. to consume drive letter on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1caf91893b67586255c68e2e513b14ac66785a24\"\u003e\u003ccode\u003e1caf918\u003c/code\u003e\u003c/a\u003e lint and format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7783ed6670442acb4d455b9b164a1b2a33507a45\"\u003e\u003ccode\u003e7783ed6\u003c/code\u003e\u003c/a\u003e ignore docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/6d9b356cd59372de00e1d5f3b8907a3350b9b8e5\"\u003e\u003ccode\u003e6d9b356\u003c/code\u003e\u003c/a\u003e update deps etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/c36addb94e33f14254b9ca9017e63ae9c9d80d1d\"\u003e\u003ccode\u003ec36addb\u003c/code\u003e\u003c/a\u003e 10.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26b90027d5ad0c383b5253a4e45d6dc7da282db4\"\u003e\u003ccode\u003e26b9002\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/3a0d83b6f03a17ebc15361c2faa7110777042aab\"\u003e\u003ccode\u003e3a0d83b\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ea94840326c3f40522f1b544bd2303024b0eec35\"\u003e\u003ccode\u003eea94840\u003c/code\u003e\u003c/a\u003e 10.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0873fbabc00a86e09f4469386059a71abb136c93\"\u003e\u003ccode\u003e0873fba\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v10.1.1...v10.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pixi.js` from 8.15.0 to 8.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pixijs/pixijs/releases\"\u003epixi.js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.1\u003c/h2\u003e\n\u003ch2\u003e💾 Download\u003c/h2\u003e\n\u003cp\u003eInstallation:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003enpm install pixi.js@8.18.1\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eDevelopment Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProduction Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pixijs.download/v8.18.1/docs/index.html\"\u003ehttps://pixijs.download/v8.18.1/docs/index.html\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pixijs/pixijs/compare/v8.18.0...v8.18.1\"\u003ehttps://github.com/pixijs/pixijs/compare/v8.18.0...v8.18.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🐛 Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent error when using \u003ccode\u003eApplication.domContainerRoot\u003c/code\u003e in Node.js by \u003ca href=\"https://github.com/UlyssesZh\"\u003e\u003ccode\u003e@​UlyssesZh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pixijs/pixijs/pull/12017\"\u003epixijs/pixijs#12017\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003e💾 Download\u003c/h2\u003e\n\u003cp\u003eInstallation:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003enpm install pixi.js@8.18.0\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eDevelopment Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProduction Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pixijs.download/v8.18.0/docs/index.html\"\u003ehttps://pixijs.download/v8.18.0/docs/index.html\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pixijs/pixijs/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/pixijs/pixijs/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🚨 Behavior Change\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003etext.width\u003c/code\u003e and word wrap returning incorrect values by \u003ca href=\"https://github.com/Zyie\"\u003e\u003ccode\u003e@​Zyie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pixijs/pixijs/pull/12007\"\u003epixijs/pixijs#12007\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eText\u003c/code\u003e/\u003ccode\u003eHTMLText\u003c/code\u003e/\u003ccode\u003eBitmapText\u003c/code\u003e with \u003ccode\u003ewordWrap: true\u003c/code\u003e and non-left \u003ccode\u003ealign\u003c/code\u003e (\u003ccode\u003ecenter\u003c/code\u003e/\u003ccode\u003eright\u003c/code\u003e/\u003ccode\u003ejustify\u003c/code\u003e) now return the true rendered width from \u003ccode\u003etext.width\u003c/code\u003e instead of reporting \u003ccode\u003ewordWrapWidth\u003c/code\u003e. If you relied on \u003ccode\u003etext.width === wordWrapWidth\u003c/code\u003e for layout, use \u003ccode\u003ewordWrapWidth\u003c/code\u003e directly or wrap the text in a sized container.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/8f42bb760872ed6652775d00a4de448ac277e783\"\u003e\u003ccode\u003e8f42bb7\u003c/code\u003e\u003c/a\u003e v8.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/1947eb616e415af7fe9c0436239d93991d58d27f\"\u003e\u003ccode\u003e1947eb6\u003c/code\u003e\u003c/a\u003e fix: prevent error when using Application.domContainerRoot in Node.js (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12017\"\u003e#12017\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/2c5818b0e75b835ba5980844136b10cbdc3982a9\"\u003e\u003ccode\u003e2c5818b\u003c/code\u003e\u003c/a\u003e v8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/39d22791e09959d59bee5d90ed7ccb6db06d8c47\"\u003e\u003ccode\u003e39d2279\u003c/code\u003e\u003c/a\u003e chore: move \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e to production dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/1c1f19364f27508ab1cc9043e27ba15cf4741b3e\"\u003e\u003ccode\u003e1c1f193\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e to 0.8.12 (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12016\"\u003e#12016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/7a8f55c37f60ffe887ca318ac22d12331f733760\"\u003e\u003ccode\u003e7a8f55c\u003c/code\u003e\u003c/a\u003e feat: add graphicsContextToSvg() for Graphics → SVG export (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/11989\"\u003e#11989\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/16dad504f68bfee55987c6a2a3aef1d98f36f1f9\"\u003e\u003ccode\u003e16dad50\u003c/code\u003e\u003c/a\u003e fix: TilingSprite tilePosition divided by resolution when using Canvas render...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/5e4640bbc3e1a9d4cb0203f57d891da30f65d395\"\u003e\u003ccode\u003e5e4640b\u003c/code\u003e\u003c/a\u003e fix: SplitText baseline mismatch when tagStyles used with lineHeight (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12008\"\u003e#12008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/19b206cd41c86940dbfcc441367141108382eadb\"\u003e\u003ccode\u003e19b206c\u003c/code\u003e\u003c/a\u003e fix: move CanvasFilterSystem to filters module (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12014\"\u003e#12014\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/1b9b7d0c83f35ba05500dc81cbb2433962ca025a\"\u003e\u003ccode\u003e1b9b7d0\u003c/code\u003e\u003c/a\u003e fix: Handle literal \u003ccode\u003e\u0026lt;\u003c/code\u003e characters in parseTaggedText (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/11972\"\u003e#11972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pixijs/pixijs/compare/v8.15.0...v8.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `preact` from 10.28.2 to 10.29.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/preactjs/preact/releases\"\u003epreact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.29.2\u003c/h2\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix hydration when we have defaultValue or value on a textarea (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5081\"\u003e#5081\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMaintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CODEOWNERS for GitHub configuration (v10.x) (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5088\"\u003e#5088\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix trusted publishing workflow (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5084\"\u003e#5084\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrusted publishing (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5072\"\u003e#5072\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.29.1\u003c/h2\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCreate a unique event-clock for each Preact instance on a page. (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5068\"\u003e#5068\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incorrect DOM order with conditional ContextProvider and inner keys (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5067\"\u003e#5067\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMaintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Remove postinstall script for playwright setup (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5063\"\u003e#5063\u003c/a\u003e, thanks \u003ca href=\"https://github.com/rschristian\"\u003e\u003ccode\u003e@​rschristian\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: speed up tests by using playwright instead of webdriverio (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5060\"\u003e#5060\u003c/a\u003e, thanks \u003ca href=\"https://github.com/marvinhagemeister\"\u003e\u003ccode\u003e@​marvinhagemeister\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: migrate remaining .js -\u0026gt; .jsx files (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5059\"\u003e#5059\u003c/a\u003e, thanks \u003ca href=\"https://github.com/marvinhagemeister\"\u003e\u003ccode\u003e@​marvinhagemeister\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: rename \u003ccode\u003e.test.js\u003c/code\u003e -\u0026gt; \u003ccode\u003e.test.jsx\u003c/code\u003e when JSX is used (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5058\"\u003e#5058\u003c/a\u003e, thanks \u003ca href=\"https://github.com/marvinhagemeister\"\u003e\u003ccode\u003e@​marvinhagemeister\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate from biome to oxfmt (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5033\"\u003e#5033\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.29.0\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement flushSync (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5036\"\u003e#5036\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure we reset renderCount (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5017\"\u003e#5017\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eundefined prototype (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5041\"\u003e#5041\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePerformance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGolf down compat (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5025\"\u003e#5025\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.28.4\u003c/h2\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash where a synchronous effect render unmounts the tree (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5026\"\u003e#5026\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePerformance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCore size optimizations (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5022\"\u003e#5022\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHooks size optimizations (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5021\"\u003e#5021\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake oldProps diffing more compact (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5004\"\u003e#5004\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5019\"\u003e#5019\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCompat size optimizations (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5020\"\u003e#5020\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/fce6ed7a6d5f2c7333d9c26fb09f5bb9e929a737\"\u003e\u003ccode\u003efce6ed7\u003c/code\u003e\u003c/a\u003e 10.29.2 (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5091\"\u003e#5091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/84581d0b9bcc8788058fa171f437445471fc0f9f\"\u003e\u003ccode\u003e84581d0\u003c/code\u003e\u003c/a\u003e Fix buggy edge case (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5090\"\u003e#5090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/5a39554bbde4f7768e2537f19896e3ea7cbb592b\"\u003e\u003ccode\u003e5a39554\u003c/code\u003e\u003c/a\u003e Add CODEOWNERS for GitHub configuration (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5088\"\u003e#5088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/562e0f510bb98ccc73d0fea4e8c1339a3cb1da07\"\u003e\u003ccode\u003e562e0f5\u003c/code\u003e\u003c/a\u003e Fix trusted publishing workflow (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5084\"\u003e#5084\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/3a012555a9cd572fb85016c915ac61aecded51b7\"\u003e\u003ccode\u003e3a01255\u003c/code\u003e\u003c/a\u003e Trusted publishing (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5072\"\u003e#5072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/cae8d3a4a6695809e287ec7fddd992db377a1234\"\u003e\u003ccode\u003ecae8d3a\u003c/code\u003e\u003c/a\u003e Fix migrations when we have defaultValue or value on a textarea (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5081\"\u003e#5081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/4dc9b508dd37544b858bfa52d28e12d219effdbb\"\u003e\u003ccode\u003e4dc9b50\u003c/code\u003e\u003c/a\u003e 10.29.1 (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5071\"\u003e#5071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/0560f9aa1eb7f329033eca51b4c50ade5fb8396e\"\u003e\u003ccode\u003e0560f9a\u003c/code\u003e\u003c/a\u003e Create a unique event-clock for each Preact instance on a page. (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5068\"\u003e#5068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/cda06de806a3244c3dd318dfc2b4c7bf2aca6a9a\"\u003e\u003ccode\u003ecda06de\u003c/code\u003e\u003c/a\u003e Fix incorrect DOM order with conditional ContextProvider and inner keys (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/506\"\u003e#506\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/c859700e53196465607b2a351a2133b1a4d8834a\"\u003e\u003ccode\u003ec859700\u003c/code\u003e\u003c/a\u003e fix: Remove postinstall script for playwright setup (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5063\"\u003e#5063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/preactjs/preact/compare/10.28.2...10.29.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for preact since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `preact-render-to-string` from 6.6.5 to 6.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/preactjs/preact-render-to-string/releases\"\u003epreact-render-to-string's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/450\"\u003e#450\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/dbc692fd60a9187174491a085d60e635560cb8c6\"\u003e\u003ccode\u003edbc692f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Adjust the comment-marker for streaming to be the same as renderToStringAsync where we use \\$s\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/461\"\u003e#461\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/e32a4cd8e7cb06d906a8854616d109c2d2a0189f\"\u003e\u003ccode\u003ee32a4cd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Reject unsafe namespaced attribute names before normalizing SVG/XML attribute casing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.6.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/457\"\u003e#457\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/ce6ef7153113af70c32ee952d0fbce01e0115de4\"\u003e\u003ccode\u003ece6ef71\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/lemonmade\"\u003e\u003ccode\u003e@​lemonmade\u003c/code\u003e\u003c/a\u003e! - fix: renderToStringAsync produces commas for suspended components with complex children\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.6.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/446\"\u003e#446\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/b7b288c68ed8c97ed8eb6c26929111debdc03435\"\u003e\u003ccode\u003eb7b288c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Fix issues regarding streaming full HTML documents\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/preactjs/preact-render-to-string/blob/main/CHANGELOG.md\"\u003epreact-render-to-string's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/450\"\u003e#450\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/dbc692fd60a9187174491a085d60e635560cb8c6\"\u003e\u003ccode\u003edbc692f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Adjust the comment-marker for streaming to be the same as renderToStringAsync where we use $s\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/461\"\u003e#461\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/e32a4cd8e7cb06d906a8854616d109c2d2a0189f\"\u003e\u003ccode\u003ee32a4cd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Reject unsafe namespaced attribute names before normalizing SVG/XML attribute casing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.6.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/457\"\u003e#457\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/ce6ef7153113af70c32ee952d0fbce01e0115de4\"\u003e\u003ccode\u003ece6ef71\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/lemonmade\"\u003e\u003ccode\u003e@​lemonmade\u003c/code\u003e\u003c/a\u003e! - fix: renderToStringAsync produces commas for suspended components with complex children\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.6.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/446\"\u003e#446\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/b7b288c68ed8c97ed8eb6c26929111debdc03435\"\u003e\u003ccode\u003eb7b288c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Fix issues regarding streaming full HTML documents\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/eb871c8e808ed94bcd95824b10048683d4ccb358\"\u003e\u003ccode\u003eeb871c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/460\"\u003e#460\u003c/a\u003e from preactjs/changeset-release/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/b22fc16c3aa8efcd15e33f01b2e9acfd4500f3be\"\u003e\u003ccode\u003eb22fc16\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/833043bc3463c81094464f3143fab3469e2e1052\"\u003e\u003ccode\u003e833043b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/461\"\u003e#461\u003c/a\u003e from preactjs/fix-link\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/e32a4cd8e7cb06d906a8854616d109c2d2a0189f\"\u003e\u003ccode\u003ee32a4cd\u003c/code\u003e\u003c/a\u003e Reject namespaced attribute\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/990307a99cace84c67bd7520a6bd32cffa9ad219\"\u003e\u003ccode\u003e990307a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/458\"\u003e#458\u003c/a\u003e from preactjs/changesets-based-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/bcd3b0b1618dc825a37aef2f8f2052a4b10c8345\"\u003e\u003ccode\u003ebcd3b0b\u003c/code\u003e\u003c/a\u003e Pin npm in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/950a59f11fd0c392890332401f2deb16cdd8b012\"\u003e\u003ccode\u003e950a59f\u003c/code\u003e\u003c/a\u003e Add changesets based publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/797a662aa267c917fcb446cd92129066db682b6e\"\u003e\u003ccode\u003e797a662\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/450\"\u003e#450\u003c/a\u003e from preactjs/id-adjustements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/df713c5a475baf34b26a77a6c1f00ad078d73a68\"\u003e\u003ccode\u003edf713c5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/454\"\u003e#454\u003c/a\u003e from preactjs/changeset-release/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/39da545985de82cac948cdb52081e52bf76591f5\"\u003e\u003ccode\u003e39da545\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/preactjs/preact-render-to-string/compare/v6.6.5...v6.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rehype-citation` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/timlrx/rehype-citation/releases\"\u003erehype-citation's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/timlrx\"\u003e\u003ccode\u003e@​timlrx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/pull/60\"\u003etimlrx/rehype-citation#60\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update ci and netlify node version by \u003ca href=\"https://github.com/timlrx\"\u003e\u003ccode\u003e@​timlrx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/pull/61\"\u003etimlrx/rehype-citation#61\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: footnote typing by \u003ca href=\"https://github.com/timlrx\"\u003e\u003ccode\u003e@​timlrx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/pull/62\"\u003etimlrx/rehype-citation#62\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/timlrx/rehype-citation/compare/v2.3.1...v2.3.2\"\u003ehttps://github.com/timlrx/rehype-citation/compare/v2.3.1...v2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/19a9f4dfb9815fc16d0df53aa93a8b2a954ef3ba\"\u003e\u003ccode\u003e19a9f4d\u003c/code\u003e\u003c/a\u003e 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/d785742ee34ae15c4562309623567b4e5e4fb639\"\u003e\u003ccode\u003ed785742\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/issues/62\"\u003e#62\u003c/a\u003e from timlrx/fix-footnote-type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/dbfce4828e1c991fd5645908aff7aba5aef54ff2\"\u003e\u003ccode\u003edbfce48\u003c/code\u003e\u003c/a\u003e fix: footnote typing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/b3d64a086836f998de5801b42952738be7d38128\"\u003e\u003ccode\u003eb3d64a0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/issues/61\"\u003e#61\u003c/a\u003e from timlrx/update-ci-node-version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/21e59f74581be2d9c82ca7a0789f2c24fa9bda50\"\u003e\u003ccode\u003e21e59f7\u003c/code\u003e\u003c/a\u003e chore: update netlify node version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/eceb790b3886da8502a6e0e33f40b5be44ca9931\"\u003e\u003ccode\u003eeceb790\u003c/code\u003e\u003c/a\u003e chore: update ci node version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/a86aec612e8da9756fcc562c137cdc6cd289f9a7\"\u003e\u003ccode\u003ea86aec6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/issues/60\"\u003e#60\u003c/a\u003e from timlrx/update-dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/17966586b5fceef9a6a6c5804e02ff7c1107b0c9\"\u003e\u003ccode\u003e1796658\u003c/code\u003e\u003c/a\u003e chore: update to tailwind v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/6bcf5a58967b050862287f2d9b81a56b35146952\"\u003e\u003ccode\u003e6bcf5a5\u003c/code\u003e\u003c/a\u003e chore: sync changes from citation-js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/67a76f2054a5ce3db6e139569f0262a6248e28a9\"\u003e\u003ccode\u003e67a76f2\u003c/code\u003e\u003c/a\u003e chore: update outdated link\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/timlrx/rehype-citation/compare/v2.3.1...v2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rehype-pretty-code` from 0.14.1 to 0.14.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/releases\"\u003erehype-pretty-code's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erehype-pretty-code@0.14.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Shiki 4\u003c/li\u003e\n\u003cli\u003echore: fix npm OIDC trusted publishing workflow\u003c/li\u003e\n\u003cli\u003edocs: update docs with renamed shiki function: \u003ccode\u003egetHighlighter\u003c/code\u003e -\u0026gt; \u003ccode\u003ecreateHighlighter\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/blob/master/packages/core/CHANGELOG.md\"\u003erehype-pretty-code's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.14.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: fix npm OIDC trusted publishing workflow\u003c/li\u003e\n\u003cli\u003edocs: update docs with renamed shiki function: \u003ccode\u003egetHighlighter\u003c/code\u003e -\u0026gt; \u003ccode\u003ecreateHighlighter\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.14.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Shiki 4\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commit/8c3530faea43a7e23ed5e301024d2860970e9594\"\u003e\u003ccode\u003e8c3530f\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commit/9b53bd13bd7d4c878e9151f5151c5923757889ae\"\u003e\u003ccode\u003e9b53bd1\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commit/d14e99613309c386116d26f8f815ffd682e1ed46\"\u003e\u003ccode\u003ed14e996\u003c/code\u003e\u003c/a\u003e Support Shiki 4 (\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commits/rehype-pretty-code@0.14.3/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for rehype-pretty-code since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `satori` from 0.19.1 to 0.26.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/satori/releases\"\u003esatori's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.26.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.25.0...0.26.0\"\u003e0.26.0\u003c/a\u003e (2026-03-20)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuiltin minimal JSX runtime (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/737\"\u003e#737\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/eab60eeecca1bcefc95d69a674f20f572155fe26\"\u003eeab60ee\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.25.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.24.1...0.25.0\"\u003e0.25.0\u003c/a\u003e (2026-03-05)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCSS variables (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/736\"\u003e#736\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/d2469131e1e42c0c599c3be108ba9b500cc99ca0\"\u003ed246913\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.24.0...0.24.1\"\u003e0.24.1\u003c/a\u003e (2026-03-03)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsistent text positioning when embedFont is false (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/723\"\u003e#723\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/dc07b7002bdc5b6f1915149c5510ff79b4587816\"\u003edc07b70\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.23.0...0.24.0\"\u003e0.24.0\u003c/a\u003e (2026-03-03)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved object-position support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/734\"\u003e#734\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/9377f705f6511fadf8fb01dbbda960fe7b2732ab\"\u003e9377f70\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.23.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.22.0...0.23.0\"\u003e0.23.0\u003c/a\u003e (2026-03-03)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd text-indent support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/733\"\u003e#733\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/2b7e8255c8c368df1ec61d050ccf3ffc7d0b47ff\"\u003e2b7e825\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.22.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.21.0...0.22.0\"\u003e0.22.0\u003c/a\u003e (2026-03-03)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for object-fit \u003ccode\u003efill\u003c/code\u003e and \u003ccode\u003escale-down\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/732\"\u003e#732\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/453fd917b137a16f3cf514017e262c7e53527e5f\"\u003e453fd91\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.21.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.20.0...0.21.0\"\u003e0.21.0\u003c/a\u003e (2026-03-02)\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/eab60eeecca1bcefc95d69a674f20f572155fe26\"\u003e\u003ccode\u003eeab60ee\u003c/code\u003e\u003c/a\u003e feat: builtin minimal JSX runtime (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/737\"\u003e#737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/d2469131e1e42c0c599c3be108ba9b500cc99ca0\"\u003e\u003ccode\u003ed246913\u003c/code\u003e\u003c/a\u003e feat: CSS variables (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/736\"\u003e#736\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/dc07b7002bdc5b6f1915149c5510ff79b4587816\"\u003e\u003ccode\u003edc07b70\u003c/code\u003e\u003c/a\u003e fix: Consistent text positioning when embedFont is false (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/723\"\u003e#723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/54a749b3326e3b43d2d81149679d832c9d47f9dc\"\u003e\u003ccode\u003e54a749b\u003c/code\u003e\u003c/a\u003e chore: export InitInput and allow Promise (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/9377f705f6511fadf8fb01dbbda960fe7b2732ab\"\u003e\u003ccode\u003e9377f70\u003c/code\u003e\u003c/a\u003e feat: Improved object-position support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/734\"\u003e#734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/2b7e8255c8c368df1ec61d050ccf3ffc7d0b47ff\"\u003e\u003ccode\u003e2b7e825\u003c/code\u003e\u003c/a\u003e feat: Add text-indent support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/733\"\u003e#733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/453fd917b137a16f3cf514017e262c7e53527e5f\"\u003e\u003ccode\u003e453fd91\u003c/code\u003e\u003c/a\u003e feat: Support for object-fit \u003ccode\u003efill\u003c/code\u003e and \u003ccode\u003escale-down\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/732\"\u003e#732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/c8dd6f5cc16085df1fdcf5711562439f3e26d0de\"\u003e\u003ccode\u003ec8dd6f5\u003c/code\u003e\u003c/a\u003e chore: Add more tests (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/c1087d63970e9798450bb974f35f1af526ce294d\"\u003e\u003ccode\u003ec1087d6\u003c/code\u003e\u003c/a\u003e chore: Update benchmark code (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/730\"\u003e#730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/4e761c6b9fdf2959cf2a0292c9d1235154f070b6\"\u003e\u003ccode\u003e4e761c6\u003c/code\u003e\u003c/a\u003e feat: 10% perf improvements in the core lib (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/729\"\u003e#729\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/satori/compare/0.19.1...0.26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `serve-handler` from 6.1.6 to 6.1.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/serve-handler/releases\"\u003eserve-handler's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.1.7\u003c/h2\u003e\n\u003ch3\u003ePatches\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix: update minimatch to 3.1.5 to resolve security vulnerabilities: \u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/228\"\u003e#228\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/ParakhJaggi\"\u003e\u003ccode\u003e@​ParakhJaggi\u003c/code\u003e\u003c/a\u003e  for helping!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/5158ae776863f0d597187e11260d963e7a78c6a0\"\u003e\u003ccode\u003e5158ae7\u003c/code\u003e\u003c/a\u003e 6.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/754d1dcb5bb6dbd164667368be5e1b1278f1da60\"\u003e\u003ccode\u003e754d1dc\u003c/code\u003e\u003c/a\u003e fix: update minimatch to 3.1.5 to resolve security vulnerabilities (\u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/228\"\u003e#228\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/8b357fad752db5e9439e92513286970f68ed953e\"\u003e\u003ccode\u003e8b357fa\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;chore(deps): upgrade minimatch to v10.2.4 (\u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/226\"\u003e#226\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/8df54ef09a5497641403cd4a888525a4831f4208\"\u003e\u003ccode\u003e8df54ef\u003c/code\u003e\u003c/a\u003e chore(deps): upgrade minimatch to v10.2.4 (\u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vercel/serve-handler/compare/6.1.6...6.1.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shiki` from 1.26.2 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shikijs/shiki/releases\"\u003eshiki's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003etwoslash\u003c/strong\u003e: Forward \u003ccode\u003etsModule\u003c/code\u003e to \u003ccode\u003ecreateTwoslasher\u003c/code\u003e  -  by \u003ca href=\"https://github.com/arthurfiorette\"\u003e\u003ccode\u003e@​arthurfiorette\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1271\"\u003eshikijs/shiki#1271\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/be89afcf\"\u003e\u003c!-- raw HTML omitted --\u003e(be89a)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v4.0.2...v4.1.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.0.2\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport ANSI language with multiple themes  -  by \u003ca href=\"https://github.com/dan-lee\"\u003e\u003ccode\u003e@​dan-lee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1259\"\u003eshikijs/shiki#1259\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/2a232309\"\u003e\u003c!-- raw HTML omitted --\u003e(2a232)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v4.0.1...v4.0.2\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.0.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTry fix dts bundle, thanks \u003ca href=\"https://github.com/sxzz\"\u003e\u003ccode\u003e@​sxzz\u003c/code\u003e\u003c/a\u003e  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/1f26cb1c\"\u003e\u003c!-- raw HTML omitted --\u003e(1f26c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v4.0.0...v4.0.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch3\u003e   🚨 Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop Node v18 support, remove deprecated APIs  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1249\"\u003eshikijs/shiki#1249\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/cdca9945\"\u003e\u003c!-- raw HTML omitted --\u003e(cdca9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA leaner \u003ccode\u003e@shikijs/primitive\u003c/code\u003e package  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1251\"\u003eshikijs/shiki#1251\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/05a77f1b\"\u003e\u003c!-- raw HTML omitted --\u003e(05a77)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNew \u003ccode\u003e@shikijs/markdown-exit\u003c/code\u003e package  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/d1257c25\"\u003e\u003c!-- raw HTML omitted --\u003e(d1257)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v3.23.0...v4.0.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.23.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate grammar and themes  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/9b4cacac\"\u003e\u003c!-- raw HTML omitted --\u003e(9b4ca)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd stdin support and list commands  -  by \u003ca href=\"https://github.com/Divyapahuja31\"\u003e\u003ccode\u003e@​Divyapahuja31\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eDIVYA PAHUJA\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1241\"\u003eshikijs/shiki#1241\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/213f19bf\"\u003e\u003c!-- raw HTML omitted --\u003e(213f1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransformers\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd 'leading' position to transformerRenderWhitespace  -  by \u003ca href=\"https://github.com/Divyapahuja31\"\u003e\u003ccode\u003e@​Divyapahuja31\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eDIVYA PAHUJA\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1236\"\u003eshikijs/shiki#1236\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/49cbb761\"\u003e\u003c!-- raw HTML omitted --\u003e(49cbb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for [!code info] notation  -  by \u003ca href=\"https://github.com/Divyapahuja31\"\u003e\u003ccode\u003e@​Divyapahuja31\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eDIVYA PAHUJA\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1237\"\u003eshikijs/shiki#1237\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/cd2a6d94\"\u003e\u003c!-- raw HTML omitted --\u003e(cd2a6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003edeclare\u003c/code\u003e modifier to top level declarations in \u003ccode\u003e.d.ts\u003c/code\u003e  -  by \u003ca href=\"https://github.com/KazariEX\"\u003e\u003ccode\u003e@​KazariEX\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1242\"\u003eshikijs/shiki#1242\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/142d55c3\"\u003e\u003c!-- raw HTML omitted --\u003e(142d5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli\u003c/strong\u003e: Normalize language/extension casing for CLI inputs  -  b...\n\n_Description has been truncated_","html_url":"https://github.com/soulcruzer/soulcruzer/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/soulcruzer%2Fsoulcruzer/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4559646532","node_id":"PR_kwDOJGOvU87hL8m3","number":42,"state":"open","title":"Bump the actions-deps group across 1 directory with 11 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T01:12:51.000Z","updated_at":"2026-06-01T01:12:52.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"actions-deps","update_count":11,"packages":[{"name":"@actions/core","old_version":"3.0.0","new_version":"3.0.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@actions/github","old_version":"9.0.0","new_version":"9.1.1","repository_url":"https://github.com/actions/toolkit"},{"name":"js-yaml","old_version":"4.1.1","new_version":"4.2.0","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"minimatch","old_version":"5.1.2","new_version":"10.2.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"zod","old_version":"4.3.6","new_version":"4.4.3","repository_url":"https://github.com/colinhacks/zod"},{"name":"@types/minimatch","old_version":"5.1.2","new_version":"6.0.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/node","old_version":"25.2.3","new_version":"25.9.1","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"jest","old_version":"30.2.0","new_version":"30.4.2","repository_url":"https://github.com/jestjs/jest"},{"name":"prettier","old_version":"3.8.1","new_version":"3.8.3","repository_url":"https://github.com/prettier/prettier"},{"name":"ts-jest","old_version":"29.4.6","new_version":"29.4.11","repository_url":"https://github.com/kulshekhar/ts-jest"},{"name":"typescript","old_version":"5.9.3","new_version":"6.0.3","repository_url":"https://github.com/microsoft/TypeScript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the actions-deps group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `3.0.0` | `3.0.1` |\n| [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) | `9.0.0` | `9.1.1` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.2.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.2` | `10.2.5` |\n| [zod](https://github.com/colinhacks/zod) | `4.3.6` | `4.4.3` |\n| [@types/minimatch](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/minimatch) | `5.1.2` | `6.0.0` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.2.3` | `25.9.1` |\n| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.2.0` | `30.4.2` |\n| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` |\n| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.6` | `29.4.11` |\n| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |\n\n\nUpdates `@actions/core` from 3.0.0 to 3.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md\"\u003e@​actions/core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2348\"\u003e#2348\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/github` from 9.0.0 to 9.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md\"\u003e@​actions/github's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e9.1.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2346\"\u003e#2346\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e9.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAppend \u003ccode\u003eactions_orchestration_id\u003c/code\u003e to user-agent when the \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is set \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2364\"\u003e#2364\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/github\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 4.1.1 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.2.0] - 2026-06-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003edocs/safety.md\u003c/code\u003e with notes about processing untrusted YAML.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003emaxDepth\u003c/code\u003e (100) loader option. Not a problem, but gives a better\nexception instead of RangeError on stack overflow.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003emaxMergeSeqLength\u003c/code\u003e (20) loader option. Not a problem after \u003ccode\u003emerge\u003c/code\u003e fix,\nbut an additional restriction for safety.\u003c/li\u003e\n\u003cli\u003eAdded sourcemaps to \u003ccode\u003edist/\u003c/code\u003e builds.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStop resolving numbers with underscores as numeric scalars, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/627\"\u003e#627\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSwitched dev toolchains to Vite / neostandard.\u003c/li\u003e\n\u003cli\u003eUpdated demo.\u003c/li\u003e\n\u003cli\u003eReorganized tests.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edist/\u003c/code\u003e files are no longer kept in the repository.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of properties on the first implicit block mapping key, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/62\"\u003e#62\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix trailing whitespace handling when folding flow scalar lines, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/307\"\u003e#307\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReject top-level block scalars without content indentation, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/280\"\u003e#280\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnsure numbers survive round-trip, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/737\"\u003e#737\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix test coverage for issue \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/221\"\u003e#221\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix flow scalar trailing whitespace folding, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/307\"\u003e#307\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix digits in YAML named tag handles.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential DoS via quadratic complexity in merge - deduplicate repeated\nelements (makes sense for malformed files \u0026gt; 10K).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.2 to 10.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/minimatch/blob/main/changelog.md\"\u003eminimatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003echange log\u003c/h1\u003e\n\u003ch2\u003e10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ebraceExpandMax\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003emagicalBraces\u003c/code\u003e option for \u003ccode\u003eescape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when \u003ccode\u003epartial: true\u003c/code\u003e is set.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when pattern ends in a final \u003ccode\u003e**\u003c/code\u003e path part.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire node 20 or 22 and higher\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo default export, only named exports.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRecursive descent parser for extglob, allowing correct support\nfor arbitrarily nested extglob expressions\u003c/li\u003e\n\u003cli\u003eBump required Node.js version\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eunescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eMinimatch.hasMagic()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for posix character classes in a unicode-aware way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ewindowsNoMagicRoot\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eoptimizationLevel\u003c/code\u003e configuration option, and revert the\ndefault back to the 6.2 style minimal optimizations, making the\nadvanced transforms introduced in 7.0 opt-in. Also, process\nprovided file paths in the same way in optimizationLevel:2\nmode, so \u003cem\u003emost\u003c/em\u003e things that matched with optimizationLevel 1 or\n0 \u003cem\u003eshould\u003c/em\u003e match with level 2 as well. However, level 1 is the\ndefault, out of an abundance of caution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/693c82377d0948401be4c6d3220c9a74132ab112\"\u003e\u003ccode\u003e693c823\u003c/code\u003e\u003c/a\u003e 10.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7953af1fac53267c05e362f036b70de898318faa\"\u003e\u003ccode\u003e7953af1\u003c/code\u003e\u003c/a\u003e do not allow .. to consume drive letter on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1caf91893b67586255c68e2e513b14ac66785a24\"\u003e\u003ccode\u003e1caf918\u003c/code\u003e\u003c/a\u003e lint and format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7783ed6670442acb4d455b9b164a1b2a33507a45\"\u003e\u003ccode\u003e7783ed6\u003c/code\u003e\u003c/a\u003e ignore docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/6d9b356cd59372de00e1d5f3b8907a3350b9b8e5\"\u003e\u003ccode\u003e6d9b356\u003c/code\u003e\u003c/a\u003e update deps etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/c36addb94e33f14254b9ca9017e63ae9c9d80d1d\"\u003e\u003ccode\u003ec36addb\u003c/code\u003e\u003c/a\u003e 10.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26b90027d5ad0c383b5253a4e45d6dc7da282db4\"\u003e\u003ccode\u003e26b9002\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/3a0d83b6f03a17ebc15361c2faa7110777042aab\"\u003e\u003ccode\u003e3a0d83b\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ea94840326c3f40522f1b544bd2303024b0eec35\"\u003e\u003ccode\u003eea94840\u003c/code\u003e\u003c/a\u003e 10.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0873fbabc00a86e09f4469386059a71abb136c93\"\u003e\u003ccode\u003e0873fba\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v5.1.2...v10.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zod` from 4.3.6 to 4.4.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/colinhacks/zod/releases\"\u003ezod's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.4.3\u003c/h2\u003e\n\u003ch2\u003eCommits:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo\u003c/li\u003e\n\u003cli\u003e2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing\u003c/li\u003e\n\u003cli\u003e7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones\u003c/li\u003e\n\u003cli\u003e2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern\u003c/li\u003e\n\u003cli\u003e9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)\u003c/li\u003e\n\u003cli\u003eb8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)\u003c/li\u003e\n\u003cli\u003e1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5937\"\u003e#5937\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5939\"\u003e#5939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5941\"\u003e#5941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ef3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3\u003c/li\u003e\n\u003cli\u003e1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.4.2\u003c/h2\u003e\n\u003ch2\u003eCommits:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5901\"\u003e#5901\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps\u003c/li\u003e\n\u003cli\u003e6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5791\"\u003e#5791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing\u003c/li\u003e\n\u003cli\u003ebbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents\u003c/li\u003e\n\u003cli\u003ecf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint\u003c/li\u003e\n\u003cli\u003e292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor\u003c/li\u003e\n\u003cli\u003e1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion\u003c/li\u003e\n\u003cli\u003e1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance\u003c/li\u003e\n\u003cli\u003ee20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes\u003c/li\u003e\n\u003cli\u003ee58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights\u003c/li\u003e\n\u003cli\u003e905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing\u003c/li\u003e\n\u003cli\u003ebf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md\u003c/li\u003e\n\u003cli\u003e8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch\u003c/li\u003e\n\u003cli\u003e02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5929\"\u003e#5929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated \u003ccode\u003ebaseUrl\u003c/code\u003e from tsconfig\u003c/li\u003e\n\u003cli\u003ec59d4474e3b4cad1b323462186cf607178ce8267 4.4.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.4.1\u003c/h2\u003e\n\u003ch2\u003eCommits:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow\u003c/li\u003e\n\u003cli\u003e95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations\u003c/li\u003e\n\u003cli\u003ecede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eedd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1\u003c/li\u003e\n\u003cli\u003e180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.4.0\u003c/h2\u003e\n\u003ch2\u003e4.4.0\u003c/h2\u003e\n\u003cp\u003eThis is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.\u003c/p\u003e\n\u003ch2\u003ePotentially breaking bug fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/1fb56a5c18c27102dbc92260a4007c7732a0ccca\"\u003e\u003ccode\u003e1fb56a5\u003c/code\u003e\u003c/a\u003e docs: document release procedure in AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/f3c9ec03ba7a28ae72d25cc295f38674bee0f559\"\u003e\u003ccode\u003ef3c9ec0\u003c/code\u003e\u003c/a\u003e 4.4.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/c2be4f819064eed62c7c350a2d399b5faecd15f8\"\u003e\u003ccode\u003ec2be4f8\u003c/code\u003e\u003c/a\u003e fix(v4): generalize optin/fallback to transform; restore preprocess on absent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/1cab69383fcdeae2a366d5e2a2fc4d8fc765d168\"\u003e\u003ccode\u003e1cab693\u003c/code\u003e\u003c/a\u003e fix(v4): restore catch handling for absent object keys (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5937\"\u003e#5937\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5939\"\u003e#5939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/b8dffe9e62f17e6571e6249d05cc5102b54d94e4\"\u003e\u003ccode\u003eb8dffe9\u003c/code\u003e\u003c/a\u003e docs: remove Numeric and Speakeasy (2+ missed monthly cycles)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/9195250cab0e7950efe39c3926d6c203b4b0a170\"\u003e\u003ccode\u003e9195250\u003c/code\u003e\u003c/a\u003e docs: remove Mintlify from bronze sponsors (churned)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/2c703322a21b4e2b12f33f49ea8430c451a68b4f\"\u003e\u003ccode\u003e2c70332\u003c/code\u003e\u003c/a\u003e docs: normalize bronze sponsor logos to github avatar pattern\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/7391be88ac1ee5cd02057f5ccc012a1f5df4efd0\"\u003e\u003ccode\u003e7391be8\u003c/code\u003e\u003c/a\u003e docs: prune lapsed silver/bronze sponsors and add active ones\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/2aeec83eb135e3a83756e973ef44845fc5a455d2\"\u003e\u003ccode\u003e2aeec83\u003c/code\u003e\u003c/a\u003e docs: prune lapsed gold sponsors and rebalance logo sizing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/4c2fa95ce3f3390fbc522324e406b4e9e89b88f9\"\u003e\u003ccode\u003e4c2fa95\u003c/code\u003e\u003c/a\u003e docs: use Zernio primary wordmark for gold sponsor logo\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/colinhacks/zod/compare/v4.3.6...v4.4.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for zod since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/minimatch` from 5.1.2 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/minimatch\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/node` from 25.2.3 to 25.9.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jest` from 30.2.0 to 30.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/releases\"\u003ejest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev30.4.2\u003c/h2\u003e\n\u003ch1\u003eFixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.1\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.0\u003c/h2\u003e\n\u003cp\u003eBig release! 😀\u003c/p\u003e\n\u003cp\u003eMain feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work \u003ccode\u003erequire(esm)\u003c/code\u003e module is now supported on Node 24.9+ (still requires \u003ccode\u003e--experimental-vm-modules\u003c/code\u003e like before).\u003c/p\u003e\n\u003cp\u003eIn addition we now support fake timers for the recently released \u003ccode\u003eTemporal\u003c/code\u003e API in Node v26.\u003c/p\u003e\n\u003cp\u003eReact 19 is also supported properly in \u003ccode\u003epretty-format\u003c/code\u003e, meaning snapshots of React components now work like they should.\u003c/p\u003e\n\u003cp\u003eDue to all the changes, there might be regressions that snuck in. Please report them!\u003c/p\u003e\n\u003cp\u003eFull list of changes below\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/blob/main/CHANGELOG.md\"\u003ejest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e30.4.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.1\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[pretty-format]\u003c/code\u003e Support React 19 (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16123\"\u003e#16123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[expect-utils]\u003c/code\u003e Fix \u003ccode\u003etoStrictEqual\u003c/code\u003e failing on \u003ccode\u003estructuredClone\u003c/code\u003e results due to cross-realm constructor mismatch (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15959\"\u003e#15959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/expect-utils]\u003c/code\u003e Prevent \u003ccode\u003etoMatchObject\u003c/code\u003e/subset matching from throwing when encountering exotic iterables (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15952\"\u003e#15952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[fake-timers]\u003c/code\u003e Convert \u003ccode\u003eDate\u003c/code\u003e to milliseconds before passing to \u003ccode\u003e@sinonjs/fake-timers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16029\"\u003e#16029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest]\u003c/code\u003e Export \u003ccode\u003eGlobalConfig\u003c/code\u003e and \u003ccode\u003eProjectConfig\u003c/code\u003e TypeScript types (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus]\u003c/code\u003e Prevent crash when \u003ccode\u003easyncError\u003c/code\u003e is undefined for non-Error throws (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16003\"\u003e#16003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-jasmine2]\u003c/code\u003e Include \u003ccode\u003eError.cause\u003c/code\u003e in JSON \u003ccode\u003efailureMessages\u003c/code\u003e output (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15967\"\u003e#15967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Fix preset path resolution on Windows when the preset uses subpath \u003ccode\u003eexports\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15961\"\u003e#15961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Allow \u003ccode\u003ecollectCoverage\u003c/code\u003e and \u003ccode\u003ecoverageProvider\u003c/code\u003e in project config without a validation warning (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Project config validator now emits \u0026quot;is not supported in an individual project configuration\u0026quot; instead of \u0026quot;probably a typing mistake\u0026quot; for known global-only options (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-environment-node]\u003c/code\u003e Fix \u003ccode\u003e--localstorage-file\u003c/code\u003e warning on Node 25+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16086\"\u003e#16086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-reporters]\u003c/code\u003e Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16137\"\u003e#16137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/746f2a0f57c56e3bba555280f0587d40f3db95c0\"\u003e\u003ccode\u003e746f2a0\u003c/code\u003e\u003c/a\u003e v30.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/b3b4a09ed3005369dacc7466d1d2122797283785\"\u003e\u003ccode\u003eb3b4a09\u003c/code\u003e\u003c/a\u003e v30.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/5cbb21e0b3037edb42e503ec1a1ce80efad40c20\"\u003e\u003ccode\u003e5cbb21e\u003c/code\u003e\u003c/a\u003e v30.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/db7141a93cc85fab81cf9c25368e1f2b2c312286\"\u003e\u003ccode\u003edb7141a\u003c/code\u003e\u003c/a\u003e fix: allow \u003ccode\u003ecollectCoverage\u003c/code\u003e and \u003ccode\u003ecoverageProvider\u003c/code\u003e in project config (\u003ca href=\"https://github.com/jestjs/jest/tree/HEAD/packages/jest/issues/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/efb59c2e81083f8dc941f20d6d20a3af2dc8d068\"\u003e\u003ccode\u003eefb59c2\u003c/code\u003e\u003c/a\u003e v30.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/96c53d30660e51bf76ed2cd1ecc2334c399ac31c\"\u003e\u003ccode\u003e96c53d3\u003c/code\u003e\u003c/a\u003e feat(jest-config): add \u003ccode\u003edefineConfig\u003c/code\u003e and \u003ccode\u003emergeConfig\u003c/code\u003e functions (\u003ca href=\"https://github.com/jestjs/jest/tree/HEAD/packages/jest/issues/15844\"\u003e#15844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jestjs/jest/commits/v30.4.2/packages/jest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `prettier` from 3.8.1 to 3.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prettier/prettier/releases\"\u003eprettier's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSCSS: Prevent trailing comma in \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18471\"\u003eprettier/prettier#18471\u003c/a\u003e by \u003ca href=\"https://github.com/kovsu\"\u003e\u003ccode\u003e@​kovsu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🔗 \u003ca href=\"https://github.com/prettier/prettier/blob/3.8.3/CHANGELOG.md#383\"\u003eChangelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Angular v21.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🔗 \u003ca href=\"https://github.com/prettier/prettier/blob/main/CHANGELOG.md#382\"\u003eChangelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prettier/prettier/blob/main/CHANGELOG.md\"\u003eprettier's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.8.3\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/prettier/prettier/compare/3.8.2...3.8.3\"\u003ediff\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eSCSS: Prevent trailing comma in \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18471\"\u003e#18471\u003c/a\u003e by \u003ca href=\"https://github.com/kovsu\"\u003e\u003ccode\u003e@​kovsu\u003c/code\u003e\u003c/a\u003e)\u003c/h4\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"scss\"\u003e\u003ccode\u003e// Input\n$value: if(sass(false): 1; else: -1);\n\u003cp\u003e// Prettier 3.8.2\n$value: if(\nsass(false): 1; else: -1,\n);\u003c/p\u003e\n\u003cp\u003e// Prettier 3.8.3\n$value: if(sass(false): 1; else: -1);\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch1\u003e3.8.2\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/prettier/prettier/compare/3.8.1...3.8.2\"\u003ediff\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eAngular: Support Angular v21.2 (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18722\"\u003e#18722\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/prettier/prettier/pull/19034\"\u003e#19034\u003c/a\u003e by \u003ca href=\"https://github.com/fisker\"\u003e\u003ccode\u003e@​fisker\u003c/code\u003e\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eExhaustive typechecking with \u003ccode\u003e@default never;\u003c/code\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;!-- Input --\u0026gt;\n@switch (foo) {\n  @case (1) {}\n  @default never;\n}\n\u003cp\u003e\u0026lt;!-- Prettier 3.8.1 --\u0026gt;\nSyntaxError: Incomplete block \u0026quot;default never\u0026quot;. If you meant to write the @ character, you should use the \u0026quot;\u0026amp;\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/64\"\u003e#64\u003c/a\u003e;\u0026quot; HTML entity instead. (3:3)\u003c/p\u003e\n\u003cp\u003e\u0026lt;!-- Prettier 3.8.2 --\u0026gt;\n\u003ca href=\"https://github.com/switch\"\u003e\u003ccode\u003e@​switch\u003c/code\u003e\u003c/a\u003e (foo) {\n\u003ca href=\"https://github.com/case\"\u003e\u003ccode\u003e@​case\u003c/code\u003e\u003c/a\u003e (1) {}\n\u003ca href=\"https://github.com/default\"\u003e\u003ccode\u003e@​default\u003c/code\u003e\u003c/a\u003e never;\n}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003earrow function\u003c/code\u003e and \u003ccode\u003einstanceof\u003c/code\u003e expressions.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/d7108a79ec745c04292aabf22c4c1adbd690b191\"\u003e\u003ccode\u003ed7108a7\u003c/code\u003e\u003c/a\u003e Release 3.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/177f90898170d363ef64fde663e4d13170688bfe\"\u003e\u003ccode\u003e177f908\u003c/code\u003e\u003c/a\u003e Prevent trailing comma in SCSS \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/18471\"\u003e#18471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/1cd40668c3d6f2f4cf9d87bbc9096d92361b2606\"\u003e\u003ccode\u003e1cd4066\u003c/code\u003e\u003c/a\u003e Release \u003ccode\u003e@​prettier/plugin-oxc\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/a8700e245038cd8cc0cf28ef06ffedbcb3fc2dfc\"\u003e\u003ccode\u003ea8700e2\u003c/code\u003e\u003c/a\u003e Update oxc-parser to v0.125.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/752157c78eca6f0a30e5d5cb513b682c5ecfa01e\"\u003e\u003ccode\u003e752157c\u003c/code\u003e\u003c/a\u003e Fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/053fd418e180b12fa2014260212fae831f5fc5ec\"\u003e\u003ccode\u003e053fd41\u003c/code\u003e\u003c/a\u003e Bump Prettier dependency to 3.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/904c6365ec46726fd0e21021c52ae934b7e5abc6\"\u003e\u003ccode\u003e904c636\u003c/code\u003e\u003c/a\u003e Clean changelog_unreleased\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/dc1f7fcc508d116cbf1644d69a1f0eb93e40d4a4\"\u003e\u003ccode\u003edc1f7fc\u003c/code\u003e\u003c/a\u003e Update dependents count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/b31557cf331a02acf83e7e29d1001b070189a0d9\"\u003e\u003ccode\u003eb31557c\u003c/code\u003e\u003c/a\u003e Release 3.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/96bbaeda0525bf758e464aed2f939d739a85c315\"\u003e\u003ccode\u003e96bbaed\u003c/code\u003e\u003c/a\u003e Support Angular v21.2 (\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/18722\"\u003e#18722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prettier/prettier/compare/3.8.1...3.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ts-jest` from 29.4.6 to 29.4.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kulshekhar/ts-jest/releases\"\u003ets-jest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev29.4.11\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev29.4.10\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev29.4.9\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev29.4.8\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev29.4.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003ets-jest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.10...v29.4.11\"\u003e29.4.11\u003c/a\u003e (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve Bundler on the CJS path under TypeScript \u0026gt;= 6 (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/39418187515f11b6584d35a4e3ddf50231f74936\"\u003e3941818\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/4198\"\u003e#4198\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.9...v29.4.10\"\u003e29.4.10\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epass \u003ccode\u003eresolutionMode\u003c/code\u003e to \u003ccode\u003ets.resolveModuleName\u003c/code\u003e for hybrid module support (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/b557a85f85c3fd34523ec3a15293afbdc9dea83c\"\u003eb557a85\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erebuild \u003ccode\u003eProgram\u003c/code\u003e when consecutive compiles need different module kinds (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/a82a2b32c4987a5249fd5284283117dd2fa3be47\"\u003ea82a2b3\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/4774\"\u003e#4774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erespect tsconfig \u003ccode\u003emoduleResolution\u003c/code\u003e instead of forcing \u003ccode\u003eNode10\u003c/code\u003e (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/1bffffc667557c173ae0c1f93dd436920775dac4\"\u003e1bffffc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransformer:\u003c/strong\u003e transpile \u003ccode\u003emjs\u003c/code\u003e files from \u003ccode\u003enode_modules\u003c/code\u003e for CJS mode (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/96d025dd912ea2bceb18b67d2d509ada7a756d9d\"\u003e96d025d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransformer:\u003c/strong\u003e use a consistent comparator in hoist-jest sortStatements (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/8a8fd2fb8446655bba18367db9306a1089490e62\"\u003e8a8fd2f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.8...v29.4.9\"\u003e29.4.9\u003c/a\u003e (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003euse correct registry for npm OIDC trusted publishing (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/f8a9cc9892\"\u003ef8a9cc9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.7...v29.4.8\"\u003e29.4.8\u003c/a\u003e (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ewrong published assets\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.6...v29.4.7\"\u003e29.4.7\u003c/a\u003e (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esupport TypeScript v6 (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/eda517d226389317d99572887d3c1aa93c81be87\"\u003eeda517d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/bff2d64917caa8150701829b152c4d193614d997\"\u003e\u003ccode\u003ebff2d64\u003c/code\u003e\u003c/a\u003e chore(release): 29.4.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/39418187515f11b6584d35a4e3ddf50231f74936\"\u003e\u003ccode\u003e3941818\u003c/code\u003e\u003c/a\u003e fix: preserve Bundler on the CJS path under TypeScript \u0026gt;= 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/efb3c2f84d3583db0787982a18425d99edadfe25\"\u003e\u003ccode\u003eefb3c2f\u003c/code\u003e\u003c/a\u003e build(deps): bump webpack-dev-server from 5.2.2 to 5.2.4 in /website\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/4e46fad6c1c4d5be5d6666c64bf65a3af2f1519e\"\u003e\u003ccode\u003e4e46fad\u003c/code\u003e\u003c/a\u003e ci: refactor release workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/96b3ac0cc0586d5379c87308f797a9acf0e4a675\"\u003e\u003ccode\u003e96b3ac0\u003c/code\u003e\u003c/a\u003e chore(release): 29.4.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/e98ec6452548a61285d55c00c7f6b1fd9858d699\"\u003e\u003ccode\u003ee98ec64\u003c/code\u003e\u003c/a\u003e build(deps): update github/codeql-action digest to 458d36d\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/21ac58f60f93164640433250fb4ca8b671aa8587\"\u003e\u003ccode\u003e21ac58f\u003c/code\u003e\u003c/a\u003e build(deps): update jest packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/0fdc96d293c6ce047bf61831b721218623882e78\"\u003e\u003ccode\u003e0fdc96d\u003c/code\u003e\u003c/a\u003e build(deps): update dependency semver to ^7.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/4b95551190235a65eac176625c72e220af066efe\"\u003e\u003ccode\u003e4b95551\u003c/code\u003e\u003c/a\u003e build(deps): update dependency jest-environment-jsdom to ^30.4.1 (\u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/5311\"\u003e#5311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/7b884476f7891e2b9a8637e2f6bb2e09b7efcfbd\"\u003e\u003ccode\u003e7b88447\u003c/code\u003e\u003c/a\u003e build(deps): update eslint packages to ^8.59.3 (\u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/5310\"\u003e#5310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.6...v29.4.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for ts-jest since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `typescript` from 5.9.3 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/microsoft/TypeScript/releases\"\u003etypescript's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTypeScript 6.0.3\u003c/h2\u003e\n\u003cp\u003eFor release notes, check out the \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-6-0/\"\u003erelease announcement blog post\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.0%22\"\u003efixed issues query for TypeScript 6.0.0 (Beta)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.1%22\"\u003efixed issues query for TypeScript 6.0.1 (RC)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.2%22\"\u003efixed issues query for TypeScript 6.0.2 (Stable)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.3%22\"\u003efixed issues query for TypeScript 6.0.3 (Stable)\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDownloads are available on:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/typescript\"\u003enpm\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTypeScript 6.0\u003c/h2\u003e\n\u003cp\u003eFor release notes, check out the \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-6-0/\"\u003erelease announcement blog post\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.0%22\"\u003efixed issues query for TypeScript 6.0.0 (Beta)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.1%22\"\u003efixed issues query for TypeScript 6.0.1 (RC)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.2%22\"\u003efixed issues query for TypeScript 6.0.2 (Stable)\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDownloads are available on:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/typescript\"\u003enpm\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTypeScript 6.0 Beta\u003c/h2\u003e\n\u003cp\u003eFor release notes, check out the \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-6-0-beta/\"\u003erelease announcement\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.0%22+is%3Aclosed+\"\u003efixed issues query for Typescript 6.0.0 (Beta)\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDownloads are available on:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/typescript\"\u003enpm\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/050880ce59e30b356b686bd3144efe24f875ebc8\"\u003e\u003ccode\u003e050880c\u003c/code\u003e\u003c/a\u003e Bump version to 6.0.3 and LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/eeae9dd0f17aa494658e4ec079dc002e02dd625e\"\u003e\u003ccode\u003eeeae9dd\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63401\"\u003e#63401\u003c/a\u003e (Also check package name validity in...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/ad1c695fada682764bb510dd680e8f175ae54094\"\u003e\u003ccode\u003ead1c695\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63368\"\u003e#63368\u003c/a\u003e (Harden ATA package name filtering) into release-6.0 (\u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63372\"\u003e#63372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/0725fb4664a1d5ec94040b6d94db77dc1cc354e4\"\u003e\u003ccode\u003e0725fb4\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63310\"\u003e#63310\u003c/a\u003e (Mark class property initializers as...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/607a22a90d1a5a1b507ce01bb8cd7ec020f954e7\"\u003e\u003ccode\u003e607a22a\u003c/code\u003e\u003c/a\u003e Bump version to 6.0.2 and LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/9e72ab71b575e26795d0d9eac3d2d9957beed17c\"\u003e\u003ccode\u003e9e72ab7\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63239\"\u003e#63239\u003c/a\u003e (Fix missing lib files in reused pro...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/35ff23d4b0cc715691323ebe54f523c16fe6e3a5\"\u003e\u003ccode\u003e35ff23d\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63163\"\u003e#63163\u003c/a\u003e (Port anyFunctionType subtype fix an...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/e175b69138038953d4e85bf6529afe88d56d8fbe\"\u003e\u003ccode\u003ee175b69\u003c/code\u003e\u003c/a\u003e Bump version to 6.0.1-rc and LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/af4caac0e91e838c46b3fdc1c9afacad68800f89\"\u003e\u003ccode\u003eaf4caac\u003c/code\u003e\u003c/a\u003e Update LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/8efd7e8544d8b35c9b33bca44a3124aa2613bf09\"\u003e\u003ccode\u003e8efd7e8\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into release-6.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/actions-marketplace-validations/contractify_label-and-assign/pull/42","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-marketplace-validations%2Fcontractify_label-and-assign/issues/42","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/42/packages"},{"uuid":"4559390795","node_id":"PR_kwDOSc4Q1s7hLKi0","number":25,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 12 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T23:40:51.000Z","updated_at":"2026-05-31T23:42:41.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":12,"packages":[{"name":"lodash","old_version":"4.17.23","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"vite","old_version":"6.4.1","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"axios","old_version":"1.13.5","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"dompurify","old_version":"3.3.1","new_version":"3.4.7","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.57.1","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"},{"name":"socket.io-parser","old_version":"4.2.5","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"ws","old_version":"8.18.3","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.4.1` | `6.4.2` |\n| [axios](https://github.com/axios/axios) | `1.13.5` | `1.16.1` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.4.7` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.57.1` | `4.60.4` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.5` | `4.2.6` |\n| [ws](https://github.com/websockets/ws) | `8.18.3` | `8.20.1` |\n\nUpdates `lodash` from 4.17.23 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 6.4.1 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.13.5 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.13.5...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.1 to 3.4.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHardened the handling of Shadow Roots when using \u003ccode\u003eIN_PLACE\u003c/code\u003e, thanks \u003ca href=\"https://github.com/GameZoneHacker\"\u003e\u003ccode\u003e@​GameZoneHacker\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved a problem leading to permanent hook pollution, thanks \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactored the test suite and expanded test coverage significantly\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed several issues with DOM Clobbering in \u003ccode\u003eIN_PLACE\u003c/code\u003e mode, thanks \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/Bankde\"\u003e\u003ccode\u003e@​Bankde\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHardened the checks for cross-realm \u003ccode\u003eIN_PLACE\u003c/code\u003e and Shadow DOM sanitization, thanks \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/Bankde\"\u003e\u003ccode\u003e@​Bankde\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded more test coverage for \u003ccode\u003eIN_PLACE\u003c/code\u003e and general DOM Clobbering attacks\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bypass caused by the new HTML element \u003ccode\u003eselectedcontent\u003c/code\u003e added in 3.4.4, thanks \u003ca href=\"https://github.com/KabirAcharya\"\u003e\u003ccode\u003e@​KabirAcharya\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eNote that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.\u003c/strong\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.4.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003eselectedcontent\u003c/code\u003e element to default allow-list, thanks \u003ca href=\"https://github.com/lukewarlow\"\u003e\u003ccode\u003e@​lukewarlow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecommand\u003c/code\u003e and \u003ccode\u003ecommandfor\u003c/code\u003e attributes to default allowed-list, thanks \u003ca href=\"https://github.com/lukewarlow\"\u003e\u003ccode\u003e@​lukewarlow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded better template scrubbing for \u003ccode\u003eIN_PLACE\u003c/code\u003e operations, thanks \u003ca href=\"https://github.com/DEMON1A\"\u003e\u003ccode\u003e@​DEMON1A\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded stronger checks for cross-realm windows, thanks \u003ca href=\"https://github.com/DEMON1A\"\u003e\u003ccode\u003e@​DEMON1A\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/fg0x0\"\u003e\u003ccode\u003e@​fg0x0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated demo website and made sure it uses the latest from main\u003c/li\u003e\n\u003cli\u003eUpdated existing workflows, fuzzer, dependabot, etc., added more tests\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🚨 \u003cstrong\u003eThis release had been flagged as deprecated, please use DOMPurify 3.4.5 instead\u003c/strong\u003e 🚨\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.4.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue with handling of nested Shadow DOM trees, thanks \u003ca href=\"https://github.com/fishjojo1\"\u003e\u003ccode\u003e@​fishjojo1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the template regexes to be more robust against ReDoS attacks, thanks \u003ca href=\"https://github.com/aleung27\"\u003e\u003ccode\u003e@​aleung27\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated the node iteration code to catch more Shadow DOM related issues\u003c/li\u003e\n\u003cli\u003eUpdated Playwright and added Node 26 to test matrix\u003c/li\u003e\n\u003cli\u003eUpdated existing workflows, fuzzer, release signing, etc., added more tests\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue with URI validation on attributes allowed via \u003ccode\u003eADD_ATTR\u003c/code\u003e callback, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with source maps referring to non-existing files, thanks \u003ca href=\"https://github.com/cmdcolin\"\u003e\u003ccode\u003e@​cmdcolin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated existing workflows, fuzzer, release signing, etc., added more tests\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue with on-handler stripping for HTML-spec-reserved custom element names (\u003ccode\u003efont-face\u003c/code\u003e, \u003ccode\u003ecolor-profile\u003c/code\u003e, \u003ccode\u003emissing-glyph\u003c/code\u003e, \u003ccode\u003efont-face-src\u003c/code\u003e, \u003ccode\u003efont-face-uri\u003c/code\u003e, \u003ccode\u003efont-face-format\u003c/code\u003e, \u003ccode\u003efont-face-name\u003c/code\u003e) under permissive \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed a case-sensitivity gap in the \u003ccode\u003eannotation-xml\u003c/code\u003e check that allowed mixed-case variants to bypass the basic-custom-element exclusion in XHTML mode\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eSANITIZE_NAMED_PROPS\u003c/code\u003e repeatedly prefixing already-prefixed \u003ccode\u003eid\u003c/code\u003e and \u003ccode\u003ename\u003c/code\u003e values on subsequent sanitization\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eIN_PLACE\u003c/code\u003e root-node check to explicitly guard against non-string \u003ccode\u003enodeName\u003c/code\u003e (DOM-clobbering robustness)\u003c/li\u003e\n\u003cli\u003eRemoved a duplicate \u003ccode\u003eslot\u003c/code\u003e entry from the default HTML attribute allow-list\u003c/li\u003e\n\u003cli\u003eStrengthened the fast-check fuzz harness with explicit XSS invariants, an expanded seed-payload corpus, an additional idempotence property for \u003ccode\u003eSANITIZE_NAMED_PROPS\u003c/code\u003e, and a negative-control assertion ensuring the invariants actually fire\u003c/li\u003e\n\u003cli\u003eAdded regression and pinning tests covering the above fixes and two accepted-behavior contracts (\u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e greedy scrub, hook-added attribute handling)\u003c/li\u003e\n\u003cli\u003eExtended CodeQL analysis to run on \u003ccode\u003e3.x\u003c/code\u003e and \u003ccode\u003e2.x\u003c/code\u003e maintenance branches\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/ca30f070c360df162a3e3848e80e6fd3c9e74bff\"\u003e\u003ccode\u003eca30f07\u003c/code\u003e\u003c/a\u003e release: 3.4.7 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1414\"\u003e#1414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/bb7739e5bccec7e1ab3dae3f3e42d02db3acaaae\"\u003e\u003ccode\u003ebb7739e\u003c/code\u003e\u003c/a\u003e release: 3.4.6 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1394\"\u003e#1394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/011b0c78f2a0f57ee54f5fcccb697a46ca6e63ea\"\u003e\u003ccode\u003e011b0c7\u003c/code\u003e\u003c/a\u003e release: 3.4.5 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1382\"\u003e#1382\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5817ad969c15e67dfcd6cb37248d6e9c1553e7c3\"\u003e\u003ccode\u003e5817ad9\u003c/code\u003e\u003c/a\u003e release: 3.4.4 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1374\"\u003e#1374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/520edb0371a9638f9b51f1798051299a250c686b\"\u003e\u003ccode\u003e520edb0\u003c/code\u003e\u003c/a\u003e release: 3.4.3 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1352\"\u003e#1352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6f67fd396a7b8c64294343999fe607ca1f5299c0\"\u003e\u003ccode\u003e6f67fd3\u003c/code\u003e\u003c/a\u003e Sync/3.4.2 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1322\"\u003e#1322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b0cdbbf52331e854c0a2de875b1a3790ecec2b8\"\u003e\u003ccode\u003e5b0cdbb\u003c/code\u003e\u003c/a\u003e chore: merge main into 3.x for 3.4.1 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1301\"\u003e#1301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/09f59115a311469de5b625225760593e551f080a\"\u003e\u003ccode\u003e09f5911\u003c/code\u003e\u003c/a\u003e test: added three more browsers to test setup (OSX, mobile)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.1...3.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.57.1 to 4.60.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.60.4\u003c/h2\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.2\u003c/h2\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6346\"\u003e#6346\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6347\"\u003e#6347\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6348\"\u003e#6348\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6349\"\u003e#6349\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6350\"\u003e#6350\u003c/a\u003e: fix: reset variable render names between outputs in the same generate (\u003ca href=\"https://github.com/barry3406\"\u003e\u003ccode\u003e@​barry3406\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6351\"\u003e#6351\u003c/a\u003e: chore(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6352\"\u003e#6352\u003c/a\u003e: chore(deps): update cross-platform-actions/action action to v1 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6353\"\u003e#6353\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6354\"\u003e#6354\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6355\"\u003e#6355\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6356\"\u003e#6356\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6358\"\u003e#6358\u003c/a\u003e: chore: remove cross-env from devDeps (\u003ca href=\"https://github.com/K-tecchan\"\u003e\u003ccode\u003e@​K-tecchan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.1\u003c/h2\u003e\n\u003ch2\u003e4.60.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/master/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://re...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate npm dependencies to pick up security and stability fixes across the stack. Key bumps include `lodash@4.18.1`, `postcss@8.5.15`, `vite@6.4.2`, `axios@1.16.1`, `dompurify@3.4.7`, and `rollup@4.60.4`.\n\n- **Dependencies**\n  - Security: `lodash` (prototype pollution fix), `postcss` (XSS and file read hardening), `picomatch` (CVE fixes), `dompurify` (Shadow DOM/IN_PLACE hardening).\n  - Build tools: `vite@6.4.2` (path traversal protections), `rollup@4.60.4` (stable chunk hashes).\n  - Networking: `axios@1.16.1` (proxy leak fix; adds `https-proxy-agent`, `proxy-from-env@2`), `follow-redirects@1.16.0`, `ws@8.20.1`.\n  - Other: `minimatch@3.1.5`, `flatted@3.4.2`, `socket.io-parser@4.2.6`.\n\n- **Migration**\n  - If you passed a `URL` object to `axios` as `config.url`, switch to a string.\n  - Run a clean install to update lockfile and new install scripts.\n\n\u003csup\u003eWritten for commit 20892050342f34ca53a5397f59f42de4742e8d07. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/davins56/Anima-Protocol/pull/25?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump npm dependencies including lodash, postcss, and vite\n\u003e Updates 12 npm dependencies in [package.json](https://github.com/davins56/Anima-Protocol/pull/25/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519), with notable version bumps: `lodash` ^4.17.21 → ^4.18.1, `postcss` ^8.5.3 → ^8.5.15, and `vite` ^6.1.0 → ^6.4.2. The [package-lock.json](https://github.com/davins56/Anima-Protocol/pull/25/files#diff-053150b640a7ce75eff69d1a22cae7f0f94ad64ce9a855db544dda0929316519) is regenerated to reflect the new versions.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 2089205.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e\n\n\u003c!-- greptile_comment --\u003e\n\n\u003ch3\u003eGreptile Summary\u003c/h3\u003e\n\nThis is an automated dependency update from dependabot bumping 12 packages in `package.json` and `package-lock.json`. The majority of updates address security vulnerabilities across the dependency tree.\n\n- **Security-driven updates**: `lodash` (prototype pollution + code injection via `_.template` imports keys), `postcss` (arbitrary file read + XSS), `vite` (path traversal + `server.fs` bypass), `axios` (prototype pollution + HTTPS cleartext proxy leak), `dompurify` (Shadow DOM/DOM Clobbering bypasses), `flatted` (CWE-1321 prototype pollution), `picomatch` (CVE-2026-33671 \u0026 CVE-2026-33672), and `minimatch` (ReDoS).\n- **Bug-fix / maintenance updates**: `rollup` (chunk hash stability, variable rendering), `socket.io-parser`, `ws`, and `follow-redirects` (transitive, adds `sensitiveHeaders` option).\n- All changes are confined to the lockfile and top-level version specifiers; no application source code is modified.\n\n\u003ch3\u003eConfidence Score: 5/5\u003c/h3\u003e\n\nSafe to merge — all changes are lockfile and version-specifier updates resolving known security advisories with no application source modifications.\n\nEvery changed line is in `package.json` or `package-lock.json`. The bumped packages carry meaningful security fixes (prototype pollution, path traversal, XSS bypasses, cleartext proxy leak) that make upgrading the right call. No application logic is touched, and all new versions are patch or minor increments within the existing semver ranges already declared in the project.\n\nNo files require special attention — both changed files are dependency manifests with straightforward version bumps.\n\n\u003ch3\u003eImportant Files Changed\u003c/h3\u003e\n\n| Filename | Overview |\n|----------|----------|\n| package.json | Top-level version specifiers updated for lodash (^4.18.1), postcss (^8.5.15), and vite (^6.4.2); all bumps resolve known security advisories. |\n| package-lock.json | Lockfile regenerated to pin all 12 updated packages (and their platform-specific native binaries for rollup) at the new versions; integrity hashes look consistent with expected patterns. |\n\n\u003c/details\u003e\n\n\u003ch3\u003eFlowchart\u003c/h3\u003e\n\n```mermaid\n%%{init: {'theme': 'neutral'}}%%\nflowchart TD\n    A[dependabot PR #25] --\u003e B[package.json\\nversion specifiers updated]\n    A --\u003e C[package-lock.json\\nlockfile regenerated]\n\n    B --\u003e D[lodash ^4.18.1\\nPrototype pollution + _.template injection fixed]\n    B --\u003e E[postcss ^8.5.15\\nArbitrary file read + XSS fixed]\n    B --\u003e F[vite ^6.4.2\\nPath traversal + server.fs bypass fixed]\n\n    C --\u003e G[axios 1.16.1\\nHTTPS cleartext proxy leak fixed]\n    C --\u003e H[dompurify 3.4.7\\nShadow DOM / DOM Clobbering bypasses fixed]\n    C --\u003e I[flatted 3.4.2\\nCWE-1321 prototype pollution fixed]\n    C --\u003e J[picomatch 2.3.2 / 4.0.4\\nCVE-2026-33671, CVE-2026-33672 fixed]\n    C --\u003e K[minimatch 3.1.5\\nReDoS fixed]\n    C --\u003e L[rollup 4.60.4\\nChunk hash stability bug fixed]\n    C --\u003e M[socket.io-parser 4.2.6\\nMaintenance]\n    C --\u003e N[ws 8.20.1\\nMaintenance]\n    C --\u003e O[follow-redirects 1.16.0\\nsensitiveHeaders option added]\n```\n\n\u003csub\u003eReviews (1): Last reviewed commit: [\"chore(deps): bump the npm\\_and\\_yarn group...\"](https://github.com/davins56/anima-protocol/commit/20892050342f34ca53a5397f59f42de4742e8d07) | [Re-trigger Greptile](https://app.greptile.com/api/retrigger?id=34829241)\u003c/sub\u003e\n\n\u003c!-- /greptile_comment --\u003e","html_url":"https://github.com/davins56/Anima-Protocol/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/davins56%2FAnima-Protocol/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"},{"uuid":"4558761894","node_id":"PR_kwDOBXNst87hJQ14","number":43,"state":"closed","title":"build(deps): bump minimatch from 9.0.5 to 9.0.9","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-31T19:45:44.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-31T19:40:40.000Z","updated_at":"2026-05-31T19:46:53.000Z","time_to_close":304,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"}],"path":null,"ecosystem":"npm"},"body":"Bumps [minimatch](https://github.com/isaacs/minimatch) from 9.0.5 to 9.0.9.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/8a10e473e2e0ff03c2d4de308f257093af2bce21\"\u003e\u003ccode\u003e8a10e47\u003c/code\u003e\u003c/a\u003e 9.0.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/c6f180636cebd4de2f9af7ef29ca4c9bf2eeef02\"\u003e\u003ccode\u003ec6f1806\u003c/code\u003e\u003c/a\u003e brace-expansion@2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/446cfa3e2aa3ef45bd4a27fa4418221e158489f6\"\u003e\u003ccode\u003e446cfa3\u003c/code\u003e\u003c/a\u003e 9.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/8fa151ab95fd4e2acd6e1a81f10d02dc7c1098d3\"\u003e\u003ccode\u003e8fa151a\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/71b78a2a4cad3a40af08a39c065e71bbf69ea7f7\"\u003e\u003ccode\u003e71b78a2\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2de496f6d9362dd92460f35ffa6ff8de2907244b\"\u003e\u003ccode\u003e2de496f\u003c/code\u003e\u003c/a\u003e 9.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0d4616de9193bf1d359271662e92657bb51b2f75\"\u003e\u003ccode\u003e0d4616d\u003c/code\u003e\u003c/a\u003e limit nested extglob recursion, flatten extglobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7117ef381e74deace1c62a74d2298c8fe61d10ca\"\u003e\u003ccode\u003e7117ef3\u003c/code\u003e\u003c/a\u003e 9.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2418458b7fe82e0a1fd1a1b6f618c41c90b9848a\"\u003e\u003ccode\u003e2418458\u003c/code\u003e\u003c/a\u003e update deps, do not checkin dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1d1f531009d5e4a86083de37e5ef3f301e073986\"\u003e\u003ccode\u003e1d1f531\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v9.0.5...v9.0.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=minimatch\u0026package-manager=npm_and_yarn\u0026previous-version=9.0.5\u0026new-version=9.0.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/wodeni/wodeni.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/wodeni/wodeni.github.io/pull/43","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wodeni%2Fwodeni.github.io/issues/43","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/43/packages"},{"uuid":"4556856867","node_id":"PR_kwDOQcL7xc7hDmcL","number":84,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T07:10:33.000Z","updated_at":"2026-05-31T07:10:52.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":9,"packages":[{"name":"express-rate-limit","old_version":"8.2.1","new_version":"8.2.2","repository_url":"https://github.com/express-rate-limit/express-rate-limit"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"qs","old_version":"6.14.0","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.2.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.2` |\n\n\nUpdates `express-rate-limit` from 8.2.1 to 8.2.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/a009ad6488448515b219eb9f4203c725eb328c8e\"\u003e\u003ccode\u003ea009ad6\u003c/code\u003e\u003c/a\u003e 8.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/72cd30e449615e50833ad92f88d8ae59faf9f467\"\u003e\u003ccode\u003e72cd30e\u003c/code\u003e\u003c/a\u003e chore: update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/1ddb1cc8ba6a7774fae49fff0c45e2c2a9305d95\"\u003e\u003ccode\u003e1ddb1cc\u003c/code\u003e\u003c/a\u003e fix: handle ipv4 mapped to ipv6 (ghsa-46wh-pxpv-q5gq)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/compare/v8.2.1...v8.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~gamemaker1\"\u003egamemaker1\u003c/a\u003e, a new releaser for express-rate-limit since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eAttestation changes\u003c/summary\u003e\n\u003cp\u003eThis version has no provenance attestation, while the previous version (8.2.1) was attested. Review the \u003ca href=\"https://www.npmjs.com/package/express-rate-limit?activeTab=versions\"\u003epackage versions\u003c/a\u003e before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.0.1 to 10.1.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/7c49446ebe28718676dfe04495347ecafb0c494a\"\u003e\u003ccode\u003e7c49446\u003c/code\u003e\u003c/a\u003e 10.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/0f8291dc716d636519319f585d950d2f6d9ff20a\"\u003e\u003ccode\u003e0f8291d\u003c/code\u003e\u003c/a\u003e feat: Add Address4.fromByteArray() for API consistency with Address6 (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/180\"\u003e#180\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a57d8b76f2b1b46ac8543066ee11480cc7a3568b\"\u003e\u003ccode\u003ea57d8b7\u003c/code\u003e\u003c/a\u003e trigger CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/6bb5c5891ef07eb38d5e1c65afa6fd4ce49da13d\"\u003e\u003ccode\u003e6bb5c58\u003c/code\u003e\u003c/a\u003e update circl CI config to trigger a build\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/compare/v10.0.1...v10.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.3.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pathharper/organic-typing/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/pathharper/organic-typing/pull/84","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pathharper%2Forganic-typing/issues/84","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/84/packages"},{"uuid":"4556853995","node_id":"PR_kwDOPBWa087hDl6E","number":113,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 19 updates","user":"dependabot[bot]","labels":["dependencies","javascript","security"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T07:09:04.000Z","updated_at":"2026-05-31T07:18:31.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":19,"packages":[{"name":"express-rate-limit","old_version":"8.2.1","new_version":"8.2.2","repository_url":"https://github.com/express-rate-limit/express-rate-limit"},{"name":"happy-dom","old_version":"20.0.10","new_version":"20.9.0","repository_url":"https://github.com/capricorn86/happy-dom"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"storybook","old_version":"10.0.7","new_version":"10.4.1","repository_url":"https://github.com/storybookjs/storybook"},{"name":"vite","old_version":"7.2.2","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.28.5","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@remix-run/router","old_version":"1.23.1","new_version":"1.23.3","repository_url":"https://github.com/remix-run/react-router"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"rollup","old_version":"4.53.2","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"serialize-javascript","old_version":"6.0.2","new_version":"7.0.5","repository_url":"https://github.com/yahoo/serialize-javascript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.2.2` |\n| [happy-dom](https://github.com/capricorn86/happy-dom) | `20.0.10` | `20.9.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `10.0.7` | `10.4.1` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.2.2` | `7.3.3` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.28.5` | `7.29.7` |\n| [@remix-run/router](https://github.com/remix-run/react-router/tree/HEAD/packages/router) | `1.23.1` | `1.23.3` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [rollup](https://github.com/rollup/rollup) | `4.53.2` | `4.60.4` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `7.0.5` |\n\n\nUpdates `express-rate-limit` from 8.2.1 to 8.2.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/a009ad6488448515b219eb9f4203c725eb328c8e\"\u003e\u003ccode\u003ea009ad6\u003c/code\u003e\u003c/a\u003e 8.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/72cd30e449615e50833ad92f88d8ae59faf9f467\"\u003e\u003ccode\u003e72cd30e\u003c/code\u003e\u003c/a\u003e chore: update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/1ddb1cc8ba6a7774fae49fff0c45e2c2a9305d95\"\u003e\u003ccode\u003e1ddb1cc\u003c/code\u003e\u003c/a\u003e fix: handle ipv4 mapped to ipv6 (ghsa-46wh-pxpv-q5gq)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/compare/v8.2.1...v8.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~gamemaker1\"\u003egamemaker1\u003c/a\u003e, a new releaser for express-rate-limit since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eAttestation changes\u003c/summary\u003e\n\u003cp\u003eThis version has no provenance attestation, while the previous version (8.2.1) was attested. Review the \u003ca href=\"https://www.npmjs.com/package/express-rate-limit?activeTab=versions\"\u003epackage versions\u003c/a\u003e before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `happy-dom` from 20.0.10 to 20.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/capricorn86/happy-dom/releases\"\u003ehappy-dom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev20.9.0\u003c/h2\u003e\n\u003ch3\u003e:art: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdds support for event listener properties on Window (e.g. \u003ccode\u003eWindow.onkeydown\u003c/code\u003e) - By \u003cstrong\u003e\u003ca href=\"https://github.com/capricorn86\"\u003e\u003ccode\u003e@​capricorn86\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2131\"\u003e#2131\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.9\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes issue where cookies from the current origin was being forwarded to the target origin in fetch requests - By \u003cstrong\u003e\u003ca href=\"https://github.com/capricorn86\"\u003e\u003ccode\u003e@​capricorn86\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2117\"\u003e#2117\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eA security advisory (\u003ca href=\"https://github.com/capricorn86/happy-dom/security/advisories/GHSA-w4gp-fjgq-3q4g\"\u003eGHSA-w4gp-fjgq-3q4g\u003c/a\u003e) was reported for this security vulnerability. Big thanks to \u003ca href=\"https://github.com/r74tech\"\u003e\u003ccode\u003e@​r74tech\u003c/code\u003e\u003c/a\u003e for reporting this!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.8\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes issue where export names can be interpolated as executable code in ESM - By \u003cstrong\u003e\u003ca href=\"https://github.com/capricorn86\"\u003e\u003ccode\u003e@​capricorn86\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2113\"\u003e#2113\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eA security advisory (\u003ca href=\"https://github.com/capricorn86/happy-dom/security/advisories/GHSA-6q6h-j7hj-3r64\"\u003eGHSA-6q6h-j7hj-3r64\u003c/a\u003e) has been reported that shows a security vulnerability where it may be possible to escape the VM context and get access to process level functionality in unsafe environments using CommonJS. Big thanks to \u003ca href=\"https://github.com/tndud042713\"\u003e\u003ccode\u003e@​tndud042713\u003c/code\u003e\u003c/a\u003e for reporting this!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.7\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace implementing Node.js \u003ccode\u003eConsole\u003c/code\u003e with common \u003ccode\u003eIConsole\u003c/code\u003e interface to support latest version of Bun - By \u003cstrong\u003e\u003ca href=\"https://github.com/YevheniiKotyrlo\"\u003e\u003ccode\u003e@​YevheniiKotyrlo\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/1845\"\u003e#1845\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.6\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eRequest.formData()\u003c/code\u003e should honor \u0026quot;Content-Type\u0026quot; header - By \u003cstrong\u003e\u003ca href=\"https://github.com/brianhelba\"\u003e\u003ccode\u003e@​brianhelba\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2106\"\u003e#2106\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.5\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes error thrown when modifying DOM structure in \u003ccode\u003econnectedCallback()\u003c/code\u003e - By \u003cstrong\u003e\u003ca href=\"https://github.com/capricorn86\"\u003e\u003ccode\u003e@​capricorn86\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2110\"\u003e#2110\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.4\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace ConsoleConstructor import with indexed access type - By \u003cstrong\u003e\u003ca href=\"https://github.com/YevheniiKotyrlo\"\u003e\u003ccode\u003e@​YevheniiKotyrlo\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/1845\"\u003e#1845\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.3\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow error if event is not of type \u003ccode\u003eEvent\u003c/code\u003e in \u003ccode\u003eEventTarget.dispatchEvent()\u003c/code\u003e - By \u003cstrong\u003e\u003ca href=\"https://github.com/capricorn86\"\u003e\u003ccode\u003e@​capricorn86\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2054\"\u003e#2054\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.2\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResets \u003ccode\u003eEvent.cancelBubble\u003c/code\u003e and \u003ccode\u003eEvent.defaultPrevented\u003c/code\u003e when calling \u003ccode\u003eEvent.initEvent()\u003c/code\u003e - By \u003cstrong\u003e\u003ca href=\"https://github.com/capricorn86\"\u003e\u003ccode\u003e@​capricorn86\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2090\"\u003e#2090\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.1\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u0026quot;inert\u0026quot; attribute block focus interactions - By \u003cstrong\u003e\u003ca href=\"https://github.com/coffeeandwork\"\u003e\u003ccode\u003e@​coffeeandwork\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/1422\"\u003e#1422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.0\u003c/h2\u003e\n\u003ch3\u003e:art: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdds support for setPointerCapture, hasPointerCapture, and releasePointerCapture to Element - By \u003cstrong\u003e\u003ca href=\"https://github.com/coffeeandwork\"\u003e\u003ccode\u003e@​coffeeandwork\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/1733\"\u003e#1733\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.7.2\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eProperly decode CSS escape sequences in attribute selector values - By \u003cstrong\u003e\u003ca href=\"https://github.com/silverwind\"\u003e\u003ccode\u003e@​silverwind\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/4090adefaf116143ebabf3226581c1261c09e877\"\u003e\u003ccode\u003e4090ade\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/0\"\u003e#0\u003c/a\u003e Fix github release workflow (\u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2140\"\u003e#2140\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/c7c2bb506377f2b38218486b166b89a9b0e5b174\"\u003e\u003ccode\u003ec7c2bb5\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/0\"\u003e#0\u003c/a\u003e Fix github release workflow (\u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2139\"\u003e#2139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/d541143d69e6593422e32c7c3853213ee04af545\"\u003e\u003ccode\u003ed541143\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/0\"\u003e#0\u003c/a\u003e Fix github release workflow (\u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2138\"\u003e#2138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/a78d89e7e1cf77c42cb04833b9d9fba30a3e868a\"\u003e\u003ccode\u003ea78d89e\u003c/code\u003e\u003c/a\u003e feat: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2131\"\u003e#2131\u003c/a\u003e Adds support for event listener properties on Window (\u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2132\"\u003e#2132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/68324c21d7b98f53f7bb5a7b3e185bda7106e751\"\u003e\u003ccode\u003e68324c2\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2117\"\u003e#2117\u003c/a\u003e Fixes issue related to cookies from the current origin being for...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/5437fdf8f13adb9590f9f52616d9f69c3ee8db3c\"\u003e\u003ccode\u003e5437fdf\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2113\"\u003e#2113\u003c/a\u003e Fixes issue where export names can be interpolated as executable...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/7e97acbc0de9e9e8515b828bb1bb60f6c65eae44\"\u003e\u003ccode\u003e7e97acb\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/1845\"\u003e#1845\u003c/a\u003e Replace implementing Node js Console with common IConsole interf...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/3373929819a55988218a32c06816c5754828f59d\"\u003e\u003ccode\u003e3373929\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2106\"\u003e#2106\u003c/a\u003e \u003ccode\u003eRequest.formData()\u003c/code\u003e should honor \u003ccode\u003eContent-Type\u003c/code\u003e header (\u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2107\"\u003e#2107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/55c17ba6d2883ce54010b041be165db8f6c5c974\"\u003e\u003ccode\u003e55c17ba\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2110\"\u003e#2110\u003c/a\u003e Fixes error thrown when modifying DOM structure in connectedCall...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/82a0888cb2c87a6123e05424b528f8e8c9b3e426\"\u003e\u003ccode\u003e82a0888\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/1845\"\u003e#1845\u003c/a\u003e Replace ConsoleConstructor import with indexed access type (\u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2095\"\u003e#2095\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/capricorn86/happy-dom/compare/v20.0.10...v20.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for happy-dom since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `storybook` from 10.0.7 to 10.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/releases\"\u003estorybook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.4.1\u003c/h2\u003e\n\u003ch2\u003e10.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAngular: Detect model() signal outputs (type inference + compodoc autodocs + runtime binding) - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34833\"\u003e#34833\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eBuild: Upgrade type-fest to latest version 5.6.0 - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34791\"\u003e#34791\u003c/a\u003e, thanks \u003ca href=\"https://github.com/tobiasdiez\"\u003e\u003ccode\u003e@​tobiasdiez\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Run `npx expo install --fix` after init for Expo projects - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34803\"\u003e#34803\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Support `peerDependencies` in framework detection for component libraries - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34516\"\u003e#34516\u003c/a\u003e, thanks \u003ca href=\"https://github.com/zhyd1997\"\u003e\u003ccode\u003e@​zhyd1997\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eNext.js: Add useLinkStatus mock to next/link export mock - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34593\"\u003e#34593\u003c/a\u003e, thanks \u003ca href=\"https://github.com/philwolstenholme\"\u003e\u003ccode\u003e@​philwolstenholme\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eVue3: Specify a specific version for non-dev dependency - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34794\"\u003e#34794\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ScopeyNZ\"\u003e\u003ccode\u003e@​ScopeyNZ\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev10.4.0\u003c/h2\u003e\n\u003ch2\u003e10.4.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003cem\u003eAI-assisted setup, change-aware review, and stronger framework support\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eStorybook 10.4 contains hundreds of fixes and improvements including:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e🤖 Agentic Setup: New CLI workflow for AI-assisted Storybook setup and onboarding\u003c/li\u003e\n\u003cli\u003e🔍 Change review: Sidebar filtering to highlight new, modified, and related stories based on git changes\u003c/li\u003e\n\u003cli\u003e🧭 Sidebar review tools: Status filtering, URL-persisted filters, and clearer review signals in the sidebar\u003c/li\u003e\n\u003cli\u003e⚛️ TanStack React: New `@storybook/tanstack-react` framework with routing and server function support\u003c/li\u003e\n\u003cli\u003e🧩 React MCP: Faster, more accurate component docgen powered by the TypeScript Language Server\u003c/li\u003e\n\u003cli\u003e📱 React Native: Zero config RN project initialization\u003c/li\u003e\n\u003cli\u003e🤝 Sharing: Easily publish and share your local Storybook with teammates, powered by Chromatic\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eA11y: Add aria-live announcements via \u003ccode\u003e@​react-aria/live-announcer\u003c/code\u003e - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/33970\"\u003e#33970\u003c/a\u003e, thanks \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eA11y: Improve boolean control contrast in forced colors mode - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34204\"\u003e#34204\u003c/a\u003e, thanks \u003ca href=\"https://github.com/anchmelev\"\u003e\u003ccode\u003e@​anchmelev\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eActions: Fix state mutation and keep newest actions when limit reached - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34286\"\u003e#34286\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Docs: Add Reset story button to re-render stories in docs - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34086\"\u003e#34086\u003c/a\u003e, thanks \u003ca href=\"https://github.com/6810779s\"\u003e\u003ccode\u003e@​6810779s\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Docs: Avoid rerendering static Source blocks - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34206\"\u003e#34206\u003c/a\u003e, thanks \u003ca href=\"https://github.com/anchmelev\"\u003e\u003ccode\u003e@​anchmelev\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Vitest: Use Vitest's provide-API for injecting values - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34518\"\u003e#34518\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JReinhold\"\u003e\u003ccode\u003e@​JReinhold\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Add --extensive for an extra prompt - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34730\"\u003e#34730\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Allow failed stories to persist - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34717\"\u003e#34717\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Keep sample content if users want onboarding - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34704\"\u003e#34704\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Rework ai-init-opt-in logic - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34739\"\u003e#34739\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAngular: Use Story ID for renderer IDs (including standalone stories) - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/33982\"\u003e#33982\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ValentinFunk\"\u003e\u003ccode\u003e@​ValentinFunk\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAutomigration: Move RN on-device addons to `deviceAddons` - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34659\"\u003e#34659\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eBuilder-Vite: Add onModuleGraphChange method - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34323\"\u003e#34323\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ghengeveld\"\u003e\u003ccode\u003e@​ghengeveld\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Add automigrate check for 'storybook' package name conflict - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34290\"\u003e#34290\u003c/a\u003e, thanks \u003ca href=\"https://github.com/whdjh\"\u003e\u003ccode\u003e@​whdjh\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Add react-vite to tanstack-react automigration - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34718\"\u003e#34718\u003c/a\u003e, thanks \u003ca href=\"https://github.com/huang-julien\"\u003e\u003ccode\u003e@​huang-julien\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Change mock event detection - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34586\"\u003e#34586\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Explicitly tell whether smoke tests passed or failed - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34419\"\u003e#34419\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Fix Next.js Vite automigration corrupting configs already using `@storybook/nextjs-vite` - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34249\"\u003e#34249\u003c/a\u003e, thanks \u003ca href=\"https://github.com/nathanjessen\"\u003e\u003ccode\u003e@​nathanjessen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Fix agentic check - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34678\"\u003e#34678\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Handle minimumReleaseAge conflicts across package managers - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34769\"\u003e#34769\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JReinhold\"\u003e\u003ccode\u003e@​JReinhold\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Improve package incompatibility detection and warning - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34559\"\u003e#34559\u003c/a\u003e, thanks \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Improve self-healing scoring observability - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34699\"\u003e#34699\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md\"\u003estorybook's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAngular: Detect model() signal outputs (type inference + compodoc autodocs + runtime binding) - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34833\"\u003e#34833\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eBuild: Upgrade type-fest to latest version 5.6.0 - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34791\"\u003e#34791\u003c/a\u003e, thanks \u003ca href=\"https://github.com/tobiasdiez\"\u003e\u003ccode\u003e@​tobiasdiez\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Run \u003ccode\u003enpx expo install --fix\u003c/code\u003e after init for Expo projects - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34803\"\u003e#34803\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Support \u003ccode\u003epeerDependencies\u003c/code\u003e in framework detection for component libraries - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34516\"\u003e#34516\u003c/a\u003e, thanks \u003ca href=\"https://github.com/zhyd1997\"\u003e\u003ccode\u003e@​zhyd1997\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eNext.js: Add useLinkStatus mock to next/link export mock - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34593\"\u003e#34593\u003c/a\u003e, thanks \u003ca href=\"https://github.com/philwolstenholme\"\u003e\u003ccode\u003e@​philwolstenholme\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eVue3: Specify a specific version for non-dev dependency - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34794\"\u003e#34794\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ScopeyNZ\"\u003e\u003ccode\u003e@​ScopeyNZ\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.4.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003cem\u003eAI-assisted setup, change-aware review, and stronger framework support\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eStorybook 10.4 contains hundreds of fixes and improvements including:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e🤖 Agentic Setup: New CLI workflow for AI-assisted Storybook setup and onboarding\u003c/li\u003e\n\u003cli\u003e🔍 Change review: Sidebar filtering to highlight new, modified, and related stories based on git changes\u003c/li\u003e\n\u003cli\u003e🧭 Sidebar review tools: Status filtering, URL-persisted filters, and clearer review signals in the sidebar\u003c/li\u003e\n\u003cli\u003e⚛️ TanStack React: New \u003ccode\u003e@storybook/tanstack-react\u003c/code\u003e framework with routing and server function support\u003c/li\u003e\n\u003cli\u003e🧩 React MCP: Faster, more accurate component docgen powered by the TypeScript Language Server\u003c/li\u003e\n\u003cli\u003e📱 React Native: Zero config RN project initialization\u003c/li\u003e\n\u003cli\u003e🤝 Sharing: Easily publish and share your local Storybook with teammates, powered by Chromatic\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eA11y: Add aria-live announcements via \u003ccode\u003e@​react-aria/live-announcer\u003c/code\u003e - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/33970\"\u003e#33970\u003c/a\u003e, thanks \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eA11y: Improve boolean control contrast in forced colors mode - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34204\"\u003e#34204\u003c/a\u003e, thanks \u003ca href=\"https://github.com/anchmelev\"\u003e\u003ccode\u003e@​anchmelev\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eActions: Fix state mutation and keep newest actions when limit reached - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34286\"\u003e#34286\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Docs: Add Reset story button to re-render stories in docs - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34086\"\u003e#34086\u003c/a\u003e, thanks \u003ca href=\"https://github.com/6810779s\"\u003e\u003ccode\u003e@​6810779s\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Docs: Avoid rerendering static Source blocks - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34206\"\u003e#34206\u003c/a\u003e, thanks \u003ca href=\"https://github.com/anchmelev\"\u003e\u003ccode\u003e@​anchmelev\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Vitest: Use Vitest's provide-API for injecting values - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34518\"\u003e#34518\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JReinhold\"\u003e\u003ccode\u003e@​JReinhold\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Add --extensive for an extra prompt - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34730\"\u003e#34730\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Allow failed stories to persist - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34717\"\u003e#34717\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Keep sample content if users want onboarding - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34704\"\u003e#34704\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Rework ai-init-opt-in logic - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34739\"\u003e#34739\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAngular: Use Story ID for renderer IDs (including standalone stories) - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/33982\"\u003e#33982\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ValentinFunk\"\u003e\u003ccode\u003e@​ValentinFunk\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAutomigration: Move RN on-device addons to \u003ccode\u003edeviceAddons\u003c/code\u003e - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34659\"\u003e#34659\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eBuilder-Vite: Add onModuleGraphChange method - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34323\"\u003e#34323\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ghengeveld\"\u003e\u003ccode\u003e@​ghengeveld\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Add automigrate check for 'storybook' package name conflict - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34290\"\u003e#34290\u003c/a\u003e, thanks \u003ca href=\"https://github.com/whdjh\"\u003e\u003ccode\u003e@​whdjh\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Add react-vite to tanstack-react automigration - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34718\"\u003e#34718\u003c/a\u003e, thanks \u003ca href=\"https://github.com/huang-julien\"\u003e\u003ccode\u003e@​huang-julien\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Change mock event detection - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34586\"\u003e#34586\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Explicitly tell whether smoke tests passed or failed - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34419\"\u003e#34419\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Fix Next.js Vite automigration corrupting configs already using \u003ccode\u003e@storybook/nextjs-vite\u003c/code\u003e - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34249\"\u003e#34249\u003c/a\u003e, thanks \u003ca href=\"https://github.com/nathanjessen\"\u003e\u003ccode\u003e@​nathanjessen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Fix agentic check - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34678\"\u003e#34678\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Handle minimumReleaseAge conflicts across package managers - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34769\"\u003e#34769\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JReinhold\"\u003e\u003ccode\u003e@​JReinhold\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Improve package incompatibility detection and warning - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34559\"\u003e#34559\u003c/a\u003e, thanks \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Improve self-healing scoring observability - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34699\"\u003e#34699\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Introduce Agentic Setup workflow - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34297\"\u003e#34297\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Remove extensive prompt option  - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34740\"\u003e#34740\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/cc19ae1a2145e8f7cda8dc869f1b90d5346dcedb\"\u003e\u003ccode\u003ecc19ae1\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;10.4.0\u0026quot; to \u0026quot;10.4.1\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/f8c16d115cfcf0f79125b358266c37e5343bb70d\"\u003e\u003ccode\u003ef8c16d1\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;10.4.0-beta.0\u0026quot; to \u0026quot;10.4.0\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/e02da0b0d4cf9673999184b8f11c85b026954b69\"\u003e\u003ccode\u003ee02da0b\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;10.4.0-alpha.19\u0026quot; to \u0026quot;10.4.0-beta.0\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/6fe5959088c671aab5abe1d633f62d2937b8ef47\"\u003e\u003ccode\u003e6fe5959\u003c/code\u003e\u003c/a\u003e Merge branch 'next' into next-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/f9810c79241094cb2f3b01e011e8641f9f59f8eb\"\u003e\u003ccode\u003ef9810c7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/storybookjs/storybook/tree/HEAD/code/core/issues/34769\"\u003e#34769\u003c/a\u003e from storybookjs/jeppe/handle-minimum-release-age\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/db9d52b4a9aae0b7bd8b0903fa39719d0a441b6a\"\u003e\u003ccode\u003edb9d52b\u003c/code\u003e\u003c/a\u003e format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/bdc688fb4046bfe61954b8954e522c439764c07d\"\u003e\u003ccode\u003ebdc688f\u003c/code\u003e\u003c/a\u003e fix documentation string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/eed7d2aae813d1160850f79df93755f7870e00b2\"\u003e\u003ccode\u003eeed7d2a\u003c/code\u003e\u003c/a\u003e simplify error handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/429fb3e42609382e9d578cce3c8aa9817182c3c1\"\u003e\u003ccode\u003e429fb3e\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;10.4.0-alpha.18\u0026quot; to \u0026quot;10.4.0-alpha.19\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/79a8667f62ca826a3b0f1fb167e91260cf7bc911\"\u003e\u003ccode\u003e79a8667\u003c/code\u003e\u003c/a\u003e format\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/storybookjs/storybook/commits/v10.4.1/code/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.2.2 to 7.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.2...v7.3.3\"\u003e7.3.3\u003c/a\u003e (2026-05-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid destructure lowering for newer safari (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22346\"\u003e#22346\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e5ab51c0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca31424cccb075c88131132b929a63527d0e2b69\"\u003e\u003ccode\u003eca31424\u003c/code\u003e\u003c/a\u003e release: v7.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e\u003ccode\u003e5ab51c0\u003c/code\u003e\u003c/a\u003e fix: avoid destructure lowering for newer safari (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22346\"\u003e#22346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.3/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.28.5 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@remix-run/router` from 1.23.1 to 1.23.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/remix-run/react-router/blob/@remix-run/router@1.23.3/packages/router/CHANGELOG.md\"\u003e@​remix-run/router's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.23.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLift \u003ccode\u003edecodePath\u003c/code\u003e call out of hot path during route matching (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/15119\"\u003e#15119\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNormalize double slashes in redirect paths (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/15118\"\u003e#15118\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.23.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eValidate redirect locations (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14707\"\u003e#14707\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/651211cd615a4b3a1d3f6ca8465eedbcac4f146c\"\u003e\u003ccode\u003e651211c\u003c/code\u003e\u003c/a\u003e Release v6.30.4 (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/router/issues/15120\"\u003e#15120\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/4deb9c5234b0b81db910b635e31e3d2ce92937d1\"\u003e\u003ccode\u003e4deb9c5\u003c/code\u003e\u003c/a\u003e Lift decodePath call (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/router/issues/15119\"\u003e#15119\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/d77f6b1db8202e2160098432df349dbed118c948\"\u003e\u003ccode\u003ed77f6b1\u003c/code\u003e\u003c/a\u003e Normalize double slashes in redirect paths (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/router/issues/15118\"\u003e#15118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/f82a6f9a75a1284e33d91241ebe9242001031d9d\"\u003e\u003ccode\u003ef82a6f9\u003c/code\u003e\u003c/a\u003e Bring new release process into v6 branch (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/router/issues/15115\"\u003e#15115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/c662ca366a414bf42624dd6cd20a7c414b2602e3\"\u003e\u003ccode\u003ec662ca3\u003c/code\u003e\u003c/a\u003e chore: Update version for release (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/router/issues/14713\"\u003e#14713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/98ad6912daec8df0d911f786f18006048efd7ade\"\u003e\u003ccode\u003e98ad691\u003c/code\u003e\u003c/a\u003e chore: Update version for release (pre-v6) (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/router/issues/14710\"\u003e#14710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/2fbb84c83dae3695a0435beb0c3c0b467b7c2da2\"\u003e\u003ccode\u003e2fbb84c\u003c/code\u003e\u003c/a\u003e Validate redirect locations (v6) (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/router/issues/14707\"\u003e#14707\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/remix-run/react-router/commits/@remix-run/router@1.23.3/packages/router\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github...\n\n_Description has been truncated_","html_url":"https://github.com/palmtreecorporation/testapp-sdk/pull/113","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/palmtreecorporation%2Ftestapp-sdk/issues/113","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/113/packages"},{"uuid":"4556800382","node_id":"PR_kwDOSsxf0M7hDb1x","number":2,"state":"open","title":"chore(deps): bump the production-dependencies group with 23 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T06:40:51.000Z","updated_at":"2026-05-31T06:41:07.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"production-dependencies","update_count":23,"packages":[{"name":"@clack/prompts","old_version":"0.11.0","new_version":"1.5.0","repository_url":"https://github.com/bombshell-dev/clack"},{"name":"@floating-ui/dom","old_version":"1.7.4","new_version":"1.7.6","repository_url":"https://github.com/floating-ui/floating-ui"},{"name":"esbuild-sass-plugin","old_version":"3.6.0","new_version":"3.7.0","repository_url":"https://github.com/glromeo/esbuild-sass-plugin"},{"name":"flexsearch","old_version":"0.8.205","new_version":"0.8.212","repository_url":"https://github.com/nextapps-de/flexsearch"},{"name":"globby","old_version":"16.1.0","new_version":"16.2.0","repository_url":"https://github.com/sindresorhus/globby"},{"name":"lightningcss","old_version":"1.31.1","new_version":"1.32.0","repository_url":"https://github.com/parcel-bundler/lightningcss"},{"name":"minimatch","old_version":"10.1.1","new_version":"10.2.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"pixi.js","old_version":"8.15.0","new_version":"8.18.1","repository_url":"https://github.com/pixijs/pixijs"},{"name":"preact","old_version":"10.28.2","new_version":"10.29.2","repository_url":"https://github.com/preactjs/preact"},{"name":"preact-render-to-string","old_version":"6.6.5","new_version":"6.7.0","repository_url":"https://github.com/preactjs/preact-render-to-string"},{"name":"rehype-citation","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/timlrx/rehype-citation"},{"name":"rehype-pretty-code","old_version":"0.14.1","new_version":"0.14.3","repository_url":"https://github.com/rehype-pretty/rehype-pretty-code"},{"name":"satori","old_version":"0.19.1","new_version":"0.26.0","repository_url":"https://github.com/vercel/satori"},{"name":"serve-handler","old_version":"6.1.6","new_version":"6.1.7","repository_url":"https://github.com/vercel/serve-handler"},{"name":"shiki","old_version":"1.26.2","new_version":"4.1.0","repository_url":"https://github.com/shikijs/shiki"},{"name":"toml","old_version":"3.0.0","new_version":"4.1.1","repository_url":"https://github.com/BinaryMuse/toml-node"},{"name":"workerpool","old_version":"10.0.1","new_version":"10.0.2","repository_url":"https://github.com/josdejong/workerpool"},{"name":"ws","old_version":"8.19.0","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"@types/node","old_version":"25.0.10","new_version":"25.9.1","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"esbuild","old_version":"0.27.2","new_version":"0.27.7","repository_url":"https://github.com/evanw/esbuild"},{"name":"prettier","old_version":"3.8.1","new_version":"3.8.3","repository_url":"https://github.com/prettier/prettier"},{"name":"tsx","old_version":"4.21.0","new_version":"4.22.3","repository_url":"https://github.com/privatenumber/tsx"},{"name":"typescript","old_version":"5.9.3","new_version":"6.0.3","repository_url":"https://github.com/microsoft/TypeScript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the production-dependencies group with 23 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@clack/prompts](https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts) | `0.11.0` | `1.5.0` |\n| [@floating-ui/dom](https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom) | `1.7.4` | `1.7.6` |\n| [esbuild-sass-plugin](https://github.com/glromeo/esbuild-sass-plugin) | `3.6.0` | `3.7.0` |\n| [flexsearch](https://github.com/nextapps-de/flexsearch) | `0.8.205` | `0.8.212` |\n| [globby](https://github.com/sindresorhus/globby) | `16.1.0` | `16.2.0` |\n| [lightningcss](https://github.com/parcel-bundler/lightningcss) | `1.31.1` | `1.32.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `10.1.1` | `10.2.5` |\n| [pixi.js](https://github.com/pixijs/pixijs) | `8.15.0` | `8.18.1` |\n| [preact](https://github.com/preactjs/preact) | `10.28.2` | `10.29.2` |\n| [preact-render-to-string](https://github.com/preactjs/preact-render-to-string) | `6.6.5` | `6.7.0` |\n| [rehype-citation](https://github.com/timlrx/rehype-citation) | `2.3.1` | `2.3.2` |\n| [rehype-pretty-code](https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core) | `0.14.1` | `0.14.3` |\n| [satori](https://github.com/vercel/satori) | `0.19.1` | `0.26.0` |\n| [serve-handler](https://github.com/vercel/serve-handler) | `6.1.6` | `6.1.7` |\n| [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) | `1.26.2` | `4.1.0` |\n| [toml](https://github.com/BinaryMuse/toml-node) | `3.0.0` | `4.1.1` |\n| [workerpool](https://github.com/josdejong/workerpool) | `10.0.1` | `10.0.2` |\n| [ws](https://github.com/websockets/ws) | `8.19.0` | `8.21.0` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.0.10` | `25.9.1` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.27.2` | `0.27.7` |\n| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` |\n| [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.3` |\n| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |\n\nUpdates `@clack/prompts` from 0.11.0 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bombshell-dev/clack/releases\"\u003e@​clack/prompts's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​clack/prompts\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/543\"\u003e#543\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/florian-lefebvre\"\u003e\u003ccode\u003e@​florian-lefebvre\u003c/code\u003e\u003c/a\u003e! - Adds support for Standard Schema validation\u003c/p\u003e\n\u003cp\u003ePrompts accept an optional \u003ccode\u003evalidate()\u003c/code\u003e function to validate user input. While a function provides more flexibility and customization over your validation, it can be a bit verbose. To help solve this, there are libraries that provide schema-based validation to make shorthand and type-strict validation substantially easier.\u003c/p\u003e\n\u003cp\u003eLibraries following the \u003ca href=\"https://github.com/standard-schema/standard-schema\"\u003eStandard Schema specification\u003c/a\u003e are now natively supported. For example, using \u003ca href=\"https://arktype.io/\"\u003eArktype\u003c/a\u003e:\u003c/p\u003e\n\u003cpre lang=\"diff\"\u003e\u003ccode\u003eimport { text } from '@clack/prompts';\nimport { type } from 'arktype';\n\u003cp\u003econst name = await text({\nmessage: 'Enter your email',\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003evalidate: type('string.email').describe('Invalid email'),\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/542\"\u003e#542\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a\"\u003e\u003ccode\u003eadb6af9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003ebox\u003c/code\u003e, \u003ccode\u003egroup\u003c/code\u003e, and \u003ccode\u003egroup-multi-select\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/534\"\u003e#534\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/MattStypa\"\u003e\u003ccode\u003e@​MattStypa\u003c/code\u003e\u003c/a\u003e! - Fixed spaces and uppercase characters in multiline prompt\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/540\"\u003e#540\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad\"\u003e\u003ccode\u003e3170ed9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003eautocomplete\u003c/code\u003e, \u003ccode\u003econfirm\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e prompts\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​clack/prompts\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e284677e: Support scrolling and \u003ccode\u003emaxItems\u003c/code\u003e option for \u003ccode\u003egroupMultiselect\u003c/code\u003e, and removes indent when \u003ccode\u003ewithGuide\u003c/code\u003e is set to \u003ccode\u003efalse\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eaab46a2: docs: add jsdoc for \u003ccode\u003etext\u003c/code\u003e, \u003ccode\u003epassword\u003c/code\u003e, and \u003ccode\u003emultiline\u003c/code\u003e prompts\u003c/li\u003e\n\u003cli\u003e54be8d7: Fix line wrapping and overflow computation in group multi-select and other list-like prompts.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [54be8d7]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​clack/prompts\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eea5702e: fix: add engines field expressing node \u0026gt;=20.12 requirement\u003c/li\u003e\n\u003cli\u003e814ab9a: Add new multiline prompt for multi-line text input.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bombshell-dev/clack/blob/main/packages/prompts/CHANGELOG.md\"\u003e@​clack/prompts's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/543\"\u003e#543\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/florian-lefebvre\"\u003e\u003ccode\u003e@​florian-lefebvre\u003c/code\u003e\u003c/a\u003e! - Adds support for Standard Schema validation\u003c/p\u003e\n\u003cp\u003ePrompts accept an optional \u003ccode\u003evalidate()\u003c/code\u003e function to validate user input. While a function provides more flexibility and customization over your validation, it can be a bit verbose. To help solve this, there are libraries that provide schema-based validation to make shorthand and type-strict validation substantially easier.\u003c/p\u003e\n\u003cp\u003eLibraries following the \u003ca href=\"https://github.com/standard-schema/standard-schema\"\u003eStandard Schema specification\u003c/a\u003e are now natively supported. For example, using \u003ca href=\"https://arktype.io/\"\u003eArktype\u003c/a\u003e:\u003c/p\u003e\n\u003cpre lang=\"diff\"\u003e\u003ccode\u003eimport { text } from '@clack/prompts';\nimport { type } from 'arktype';\n\u003cp\u003econst name = await text({\nmessage: 'Enter your email',\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003evalidate: type('string.email').describe('Invalid email'),\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/542\"\u003e#542\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a\"\u003e\u003ccode\u003eadb6af9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003ebox\u003c/code\u003e, \u003ccode\u003egroup\u003c/code\u003e, and \u003ccode\u003egroup-multi-select\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/534\"\u003e#534\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/MattStypa\"\u003e\u003ccode\u003e@​MattStypa\u003c/code\u003e\u003c/a\u003e! - Fixed spaces and uppercase characters in multiline prompt\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/540\"\u003e#540\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad\"\u003e\u003ccode\u003e3170ed9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003eautocomplete\u003c/code\u003e, \u003ccode\u003econfirm\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e prompts\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.4.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e284677e: Support scrolling and \u003ccode\u003emaxItems\u003c/code\u003e option for \u003ccode\u003egroupMultiselect\u003c/code\u003e, and removes indent when \u003ccode\u003ewithGuide\u003c/code\u003e is set to \u003ccode\u003efalse\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eaab46a2: docs: add jsdoc for \u003ccode\u003etext\u003c/code\u003e, \u003ccode\u003epassword\u003c/code\u003e, and \u003ccode\u003emultiline\u003c/code\u003e prompts\u003c/li\u003e\n\u003cli\u003e54be8d7: Fix line wrapping and overflow computation in group multi-select and other list-like prompts.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [54be8d7]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.3.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eea5702e: fix: add engines field expressing node \u0026gt;=20.12 requirement\u003c/li\u003e\n\u003cli\u003e814ab9a: Add new multiline prompt for multi-line text input.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/030ba4d776e5985050c0e2712da7008bd93b8847\"\u003e\u003ccode\u003e030ba4d\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/539\"\u003e#539\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e feat: standard schema for validation (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a\"\u003e\u003ccode\u003eadb6af9\u003c/code\u003e\u003c/a\u003e docs: add jsdoc for \u003ccode\u003ebox\u003c/code\u003e, \u003ccode\u003egroup\u003c/code\u003e, and \u003ccode\u003egroup-multi-select\u003c/code\u003e (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/542\"\u003e#542\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad\"\u003e\u003ccode\u003e3170ed9\u003c/code\u003e\u003c/a\u003e docs: add jsdoc for \u003ccode\u003eautocomplete\u003c/code\u003e, \u003ccode\u003econfirm\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e prompts (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/540\"\u003e#540\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e fix: spaces and uppercase characters in multiline input (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/534\"\u003e#534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/fe2bcd278635fc0aaf2482ed0aea82d57ae1c421\"\u003e\u003ccode\u003efe2bcd2\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/aab46a2a7ed85627743bdbf0da30acc8b2ace385\"\u003e\u003ccode\u003eaab46a2\u003c/code\u003e\u003c/a\u003e docs: add jsdoc for \u003ccode\u003etext\u003c/code\u003e, \u003ccode\u003epassword\u003c/code\u003e, and \u003ccode\u003emultiline\u003c/code\u003e prompts (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/523\"\u003e#523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/54be8d7a75c952b2157e94a78f70d40fa2d5321e\"\u003e\u003ccode\u003e54be8d7\u003c/code\u003e\u003c/a\u003e fix: trim lines from correct end (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/532\"\u003e#532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/284677eaae0c461dafccfe1eb3e8c32fcebd6bbf\"\u003e\u003ccode\u003e284677e\u003c/code\u003e\u003c/a\u003e feat(prompts): support maxItems in groupMultiselect (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/528\"\u003e#528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/05bfd4353592016cf3f4c941f663fab84c14edb2\"\u003e\u003ccode\u003e05bfd43\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bombshell-dev/clack/commits/@clack/prompts@1.5.0/packages/prompts\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​clack/prompts\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@floating-ui/dom` from 1.7.4 to 1.7.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/floating-ui/floating-ui/releases\"\u003e@​floating-ui/dom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​floating-ui/dom\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.7.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(types): ensure \u003ccode\u003ePlatform\u003c/code\u003e type contains \u003ccode\u003edetectOverflow\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003eperf: bundle and runtime improvements\u003c/li\u003e\n\u003cli\u003efeat(autoUpdate): allow not passing a floating element\u003c/li\u003e\n\u003cli\u003eUpdate dependencies: \u003ccode\u003e@floating-ui/utils@0.2.11\u003c/code\u003e, \u003ccode\u003e@floating-ui/core@1.7.5\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/floating-ui/floating-ui/blob/master/packages/dom/CHANGELOG.md\"\u003e@​floating-ui/dom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.7.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(types): ensure \u003ccode\u003ePlatform\u003c/code\u003e type contains \u003ccode\u003edetectOverflow\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003eperf: bundle and runtime improvements\u003c/li\u003e\n\u003cli\u003efeat(autoUpdate): allow not passing a floating element\u003c/li\u003e\n\u003cli\u003eUpdate dependencies: \u003ccode\u003e@floating-ui/utils@0.2.11\u003c/code\u003e, \u003ccode\u003e@floating-ui/core@1.7.5\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.7.5\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate dependencies: \u003ccode\u003e@floating-ui/core@1.7.4\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/d8020ee98c702caa31fa9b4d929ca782c6b58c59\"\u003e\u003ccode\u003ed8020ee\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3445\"\u003e#3445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/6e63557c89af9b92f50635cdc993a4b7bbcd9345\"\u003e\u003ccode\u003e6e63557\u003c/code\u003e\u003c/a\u003e feat(autoUpdate): allow not passing a floating element (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3399\"\u003e#3399\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/473aa1e2ff22594ed782842d2d9e816a982188cc\"\u003e\u003ccode\u003e473aa1e\u003c/code\u003e\u003c/a\u003e perf: bundle and runtime improvements (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3448\"\u003e#3448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/a82e45f175bb1a518d3934d747c1b767f558d171\"\u003e\u003ccode\u003ea82e45f\u003c/code\u003e\u003c/a\u003e fix(utils): stop treating \u003ccode\u003econtainer-type\u003c/code\u003e as creating containing block (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3437\"\u003e#3437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/eedda374962cc3fd6c5add6b6cd54b0bea9baa60\"\u003e\u003ccode\u003eeedda37\u003c/code\u003e\u003c/a\u003e fix(types): ensure \u003ccode\u003ePlatform\u003c/code\u003e type includes \u003ccode\u003edetectOverflow\u003c/code\u003e type (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/b4d1407cbda07ef13bcac24ee0b3ac67216c9c57\"\u003e\u003ccode\u003eb4d1407\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3415\"\u003e#3415\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/floating-ui/floating-ui/commits/@floating-ui/dom@1.7.6/packages/dom\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​floating-ui/dom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild-sass-plugin` from 3.6.0 to 3.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/glromeo/esbuild-sass-plugin/releases\"\u003eesbuild-sass-plugin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.7.0 Hasta la vista\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/glromeo/esbuild-sass-plugin/commits/v3.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flexsearch` from 0.8.205 to 0.8.212\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nextapps-de/flexsearch/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `globby` from 16.1.0 to 16.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/globby/releases\"\u003eglobby's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/sindresorhus/globby?tab=readme-ov-file#globalgitignore\"\u003e\u003ccode\u003eglobalGitignore\u003c/code\u003e\u003c/a\u003e option  51555b2\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/globby/compare/v16.1.1...v16.2.0\"\u003ehttps://github.com/sindresorhus/globby/compare/v16.1.1...v16.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev16.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix negation patterns with absolute filesystem paths  72e9916\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/globby/compare/v16.1.0...v16.1.1\"\u003ehttps://github.com/sindresorhus/globby/compare/v16.1.0...v16.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/60e816778abd4fc805d8ce2e981567759b035504\"\u003e\u003ccode\u003e60e8167\u003c/code\u003e\u003c/a\u003e 16.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/51555b26d780002f2fe7b2aaddc45f36d8ad339d\"\u003e\u003ccode\u003e51555b2\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eglobalGitignore\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/8d946e288354c8ed87e7848e8a9f684c4b840f28\"\u003e\u003ccode\u003e8d946e2\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/ff45aa5140eaf6c9e6637fdbfa19ec23d55bd388\"\u003e\u003ccode\u003eff45aa5\u003c/code\u003e\u003c/a\u003e 16.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/72e991615df2da0ff3c12980ddfcdc60e4848f6f\"\u003e\u003ccode\u003e72e9916\u003c/code\u003e\u003c/a\u003e Fix negation patterns with absolute filesystem paths\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sindresorhus/globby/compare/v16.1.0...v16.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lightningcss` from 1.31.1 to 1.32.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/parcel-bundler/lightningcss/releases\"\u003elightningcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.32.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/880\"\u003eEnable custom resolvers to mark imports as external\u003c/a\u003e. Resolvers may now return \u003ccode\u003e{external: string}\u003c/code\u003e to mark an import as external. This will leave the \u003ccode\u003e@import\u003c/code\u003e in the output CSS instead of bundling it. See \u003ca href=\"https://lightningcss.dev/bundling.html#custom-resolvers\"\u003ethe docs\u003c/a\u003e for details.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1170\"\u003eAllow visitors to add dependencies\u003c/a\u003e. Visitors may now be functions which receive an \u003ccode\u003eaddDependency\u003c/code\u003e function as an option. Dependencies may be used by tools that call Lightning CSS such as bundlers to implement file watching or caching. See \u003ca href=\"https://lightningcss.dev/transforms.html#dependencies\"\u003ethe docs\u003c/a\u003e for details.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1148\"\u003eAdd \u003ccode\u003emix-blend-mode\u003c/code\u003e property support\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1152\"\u003eOutput unknown \u003ccode\u003ecolor-scheme\u003c/code\u003e keywords as-is instead of \u003ccode\u003enormal\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1147\"\u003eImproved serialization of the rotate property\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1145\"\u003ekeep a single space between functions when formatting \u003ccode\u003etransform\u003c/code\u003e values\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1142\"\u003eFix additionally inserted whitespace in \u003ccode\u003evar(--foo,)\u003c/code\u003e and \u003ccode\u003eenv(--foo,)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1174\"\u003eConvert the percentage in the \u003ccode\u003escale\u003c/code\u003e property or \u003ccode\u003escale()\u003c/code\u003e to a number\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/parcel-bundler/lightningcss/commit/836741b5ecc4ae70289b2a26ce265df6c8486357\"\u003eupdate compat data\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/parcel-bundler/lightningcss/commits/v1.32.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 10.1.1 to 10.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/minimatch/blob/main/changelog.md\"\u003eminimatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003echange log\u003c/h1\u003e\n\u003ch2\u003e10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ebraceExpandMax\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003emagicalBraces\u003c/code\u003e option for \u003ccode\u003eescape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when \u003ccode\u003epartial: true\u003c/code\u003e is set.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when pattern ends in a final \u003ccode\u003e**\u003c/code\u003e path part.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire node 20 or 22 and higher\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo default export, only named exports.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRecursive descent parser for extglob, allowing correct support\nfor arbitrarily nested extglob expressions\u003c/li\u003e\n\u003cli\u003eBump required Node.js version\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eunescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eMinimatch.hasMagic()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for posix character classes in a unicode-aware way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ewindowsNoMagicRoot\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eoptimizationLevel\u003c/code\u003e configuration option, and revert the\ndefault back to the 6.2 style minimal optimizations, making the\nadvanced transforms introduced in 7.0 opt-in. Also, process\nprovided file paths in the same way in optimizationLevel:2\nmode, so \u003cem\u003emost\u003c/em\u003e things that matched with optimizationLevel 1 or\n0 \u003cem\u003eshould\u003c/em\u003e match with level 2 as well. However, level 1 is the\ndefault, out of an abundance of caution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/693c82377d0948401be4c6d3220c9a74132ab112\"\u003e\u003ccode\u003e693c823\u003c/code\u003e\u003c/a\u003e 10.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7953af1fac53267c05e362f036b70de898318faa\"\u003e\u003ccode\u003e7953af1\u003c/code\u003e\u003c/a\u003e do not allow .. to consume drive letter on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1caf91893b67586255c68e2e513b14ac66785a24\"\u003e\u003ccode\u003e1caf918\u003c/code\u003e\u003c/a\u003e lint and format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7783ed6670442acb4d455b9b164a1b2a33507a45\"\u003e\u003ccode\u003e7783ed6\u003c/code\u003e\u003c/a\u003e ignore docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/6d9b356cd59372de00e1d5f3b8907a3350b9b8e5\"\u003e\u003ccode\u003e6d9b356\u003c/code\u003e\u003c/a\u003e update deps etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/c36addb94e33f14254b9ca9017e63ae9c9d80d1d\"\u003e\u003ccode\u003ec36addb\u003c/code\u003e\u003c/a\u003e 10.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26b90027d5ad0c383b5253a4e45d6dc7da282db4\"\u003e\u003ccode\u003e26b9002\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/3a0d83b6f03a17ebc15361c2faa7110777042aab\"\u003e\u003ccode\u003e3a0d83b\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ea94840326c3f40522f1b544bd2303024b0eec35\"\u003e\u003ccode\u003eea94840\u003c/code\u003e\u003c/a\u003e 10.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0873fbabc00a86e09f4469386059a71abb136c93\"\u003e\u003ccode\u003e0873fba\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v10.1.1...v10.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pixi.js` from 8.15.0 to 8.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pixijs/pixijs/releases\"\u003epixi.js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.1\u003c/h2\u003e\n\u003ch2\u003e💾 Download\u003c/h2\u003e\n\u003cp\u003eInstallation:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003enpm install pixi.js@8.18.1\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eDevelopment Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProduction Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pixijs.download/v8.18.1/docs/index.html\"\u003ehttps://pixijs.download/v8.18.1/docs/index.html\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pixijs/pixijs/compare/v8.18.0...v8.18.1\"\u003ehttps://github.com/pixijs/pixijs/compare/v8.18.0...v8.18.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🐛 Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent error when using \u003ccode\u003eApplication.domContainerRoot\u003c/code\u003e in Node.js by \u003ca href=\"https://github.com/UlyssesZh\"\u003e\u003ccode\u003e@​UlyssesZh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pixijs/pixijs/pull/12017\"\u003epixijs/pixijs#12017\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003e💾 Download\u003c/h2\u003e\n\u003cp\u003eInstallation:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003enpm install pixi.js@8.18.0\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eDevelopment Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProduction Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pixijs.download/v8.18.0/docs/index.html\"\u003ehttps://pixijs.download/v8.18.0/docs/index.html\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pixijs/pixijs/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/pixijs/pixijs/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🚨 Behavior Change\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003etext.width\u003c/code\u003e and word wrap returning incorrect values by \u003ca href=\"https://github.com/Zyie\"\u003e\u003ccode\u003e@​Zyie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pixijs/pixijs/pull/12007\"\u003epixijs/pixijs#12007\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eText\u003c/code\u003e/\u003ccode\u003eHTMLText\u003c/code\u003e/\u003ccode\u003eBitmapText\u003c/code\u003e with \u003ccode\u003ewordWrap: true\u003c/code\u003e and non-left \u003ccode\u003ealign\u003c/code\u003e (\u003ccode\u003ecenter\u003c/code\u003e/\u003ccode\u003eright\u003c/code\u003e/\u003ccode\u003ejustify\u003c/code\u003e) now return the true rendered width from \u003ccode\u003etext.width\u003c/code\u003e instead of reporting \u003ccode\u003ewordWrapWidth\u003c/code\u003e. If you relied on \u003ccode\u003etext.width === wordWrapWidth\u003c/code\u003e for layout, use \u003ccode\u003ewordWrapWidth\u003c/code\u003e directly or wrap the text in a sized container.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/8f42bb760872ed6652775d00a4de448ac277e783\"\u003e\u003ccode\u003e8f42bb7\u003c/code\u003e\u003c/a\u003e v8.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/1947eb616e415af7fe9c0436239d93991d58d27f\"\u003e\u003ccode\u003e1947eb6\u003c/code\u003e\u003c/a\u003e fix: prevent error when using Application.domContainerRoot in Node.js (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12017\"\u003e#12017\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/2c5818b0e75b835ba5980844136b10cbdc3982a9\"\u003e\u003ccode\u003e2c5818b\u003c/code\u003e\u003c/a\u003e v8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/39d22791e09959d59bee5d90ed7ccb6db06d8c47\"\u003e\u003ccode\u003e39d2279\u003c/code\u003e\u003c/a\u003e chore: move \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e to production dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/1c1f19364f27508ab1cc9043e27ba15cf4741b3e\"\u003e\u003ccode\u003e1c1f193\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e to 0.8.12 (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12016\"\u003e#12016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/7a8f55c37f60ffe887ca318ac22d12331f733760\"\u003e\u003ccode\u003e7a8f55c\u003c/code\u003e\u003c/a\u003e feat: add graphicsContextToSvg() for Graphics → SVG export (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/11989\"\u003e#11989\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/16dad504f68bfee55987c6a2a3aef1d98f36f1f9\"\u003e\u003ccode\u003e16dad50\u003c/code\u003e\u003c/a\u003e fix: TilingSprite tilePosition divided by resolution when using Canvas render...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/5e4640bbc3e1a9d4cb0203f57d891da30f65d395\"\u003e\u003ccode\u003e5e4640b\u003c/code\u003e\u003c/a\u003e fix: SplitText baseline mismatch when tagStyles used with lineHeight (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12008\"\u003e#12008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/19b206cd41c86940dbfcc441367141108382eadb\"\u003e\u003ccode\u003e19b206c\u003c/code\u003e\u003c/a\u003e fix: move CanvasFilterSystem to filters module (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12014\"\u003e#12014\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/1b9b7d0c83f35ba05500dc81cbb2433962ca025a\"\u003e\u003ccode\u003e1b9b7d0\u003c/code\u003e\u003c/a\u003e fix: Handle literal \u003ccode\u003e\u0026lt;\u003c/code\u003e characters in parseTaggedText (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/11972\"\u003e#11972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pixijs/pixijs/compare/v8.15.0...v8.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `preact` from 10.28.2 to 10.29.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/preactjs/preact/releases\"\u003epreact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.29.2\u003c/h2\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix hydration when we have defaultValue or value on a textarea (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5081\"\u003e#5081\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMaintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CODEOWNERS for GitHub configuration (v10.x) (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5088\"\u003e#5088\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix trusted publishing workflow (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5084\"\u003e#5084\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrusted publishing (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5072\"\u003e#5072\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.29.1\u003c/h2\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCreate a unique event-clock for each Preact instance on a page. (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5068\"\u003e#5068\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incorrect DOM order with conditional ContextProvider and inner keys (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5067\"\u003e#5067\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMaintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Remove postinstall script for playwright setup (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5063\"\u003e#5063\u003c/a\u003e, thanks \u003ca href=\"https://github.com/rschristian\"\u003e\u003ccode\u003e@​rschristian\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: speed up tests by using playwright instead of webdriverio (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5060\"\u003e#5060\u003c/a\u003e, thanks \u003ca href=\"https://github.com/marvinhagemeister\"\u003e\u003ccode\u003e@​marvinhagemeister\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: migrate remaining .js -\u0026gt; .jsx files (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5059\"\u003e#5059\u003c/a\u003e, thanks \u003ca href=\"https://github.com/marvinhagemeister\"\u003e\u003ccode\u003e@​marvinhagemeister\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: rename \u003ccode\u003e.test.js\u003c/code\u003e -\u0026gt; \u003ccode\u003e.test.jsx\u003c/code\u003e when JSX is used (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5058\"\u003e#5058\u003c/a\u003e, thanks \u003ca href=\"https://github.com/marvinhagemeister\"\u003e\u003ccode\u003e@​marvinhagemeister\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate from biome to oxfmt (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5033\"\u003e#5033\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.29.0\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement flushSync (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5036\"\u003e#5036\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure we reset renderCount (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5017\"\u003e#5017\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eundefined prototype (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5041\"\u003e#5041\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePerformance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGolf down compat (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5025\"\u003e#5025\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.28.4\u003c/h2\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash where a synchronous effect render unmounts the tree (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5026\"\u003e#5026\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePerformance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCore size optimizations (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5022\"\u003e#5022\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHooks size optimizations (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5021\"\u003e#5021\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake oldProps diffing more compact (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5004\"\u003e#5004\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5019\"\u003e#5019\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCompat size optimizations (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5020\"\u003e#5020\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/fce6ed7a6d5f2c7333d9c26fb09f5bb9e929a737\"\u003e\u003ccode\u003efce6ed7\u003c/code\u003e\u003c/a\u003e 10.29.2 (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5091\"\u003e#5091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/84581d0b9bcc8788058fa171f437445471fc0f9f\"\u003e\u003ccode\u003e84581d0\u003c/code\u003e\u003c/a\u003e Fix buggy edge case (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5090\"\u003e#5090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/5a39554bbde4f7768e2537f19896e3ea7cbb592b\"\u003e\u003ccode\u003e5a39554\u003c/code\u003e\u003c/a\u003e Add CODEOWNERS for GitHub configuration (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5088\"\u003e#5088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/562e0f510bb98ccc73d0fea4e8c1339a3cb1da07\"\u003e\u003ccode\u003e562e0f5\u003c/code\u003e\u003c/a\u003e Fix trusted publishing workflow (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5084\"\u003e#5084\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/3a012555a9cd572fb85016c915ac61aecded51b7\"\u003e\u003ccode\u003e3a01255\u003c/code\u003e\u003c/a\u003e Trusted publishing (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5072\"\u003e#5072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/cae8d3a4a6695809e287ec7fddd992db377a1234\"\u003e\u003ccode\u003ecae8d3a\u003c/code\u003e\u003c/a\u003e Fix migrations when we have defaultValue or value on a textarea (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5081\"\u003e#5081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/4dc9b508dd37544b858bfa52d28e12d219effdbb\"\u003e\u003ccode\u003e4dc9b50\u003c/code\u003e\u003c/a\u003e 10.29.1 (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5071\"\u003e#5071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/0560f9aa1eb7f329033eca51b4c50ade5fb8396e\"\u003e\u003ccode\u003e0560f9a\u003c/code\u003e\u003c/a\u003e Create a unique event-clock for each Preact instance on a page. (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5068\"\u003e#5068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/cda06de806a3244c3dd318dfc2b4c7bf2aca6a9a\"\u003e\u003ccode\u003ecda06de\u003c/code\u003e\u003c/a\u003e Fix incorrect DOM order with conditional ContextProvider and inner keys (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/506\"\u003e#506\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/c859700e53196465607b2a351a2133b1a4d8834a\"\u003e\u003ccode\u003ec859700\u003c/code\u003e\u003c/a\u003e fix: Remove postinstall script for playwright setup (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5063\"\u003e#5063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/preactjs/preact/compare/10.28.2...10.29.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for preact since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `preact-render-to-string` from 6.6.5 to 6.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/preactjs/preact-render-to-string/releases\"\u003epreact-render-to-string's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/450\"\u003e#450\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/dbc692fd60a9187174491a085d60e635560cb8c6\"\u003e\u003ccode\u003edbc692f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Adjust the comment-marker for streaming to be the same as renderToStringAsync where we use \\$s\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/461\"\u003e#461\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/e32a4cd8e7cb06d906a8854616d109c2d2a0189f\"\u003e\u003ccode\u003ee32a4cd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Reject unsafe namespaced attribute names before normalizing SVG/XML attribute casing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.6.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/457\"\u003e#457\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/ce6ef7153113af70c32ee952d0fbce01e0115de4\"\u003e\u003ccode\u003ece6ef71\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/lemonmade\"\u003e\u003ccode\u003e@​lemonmade\u003c/code\u003e\u003c/a\u003e! - fix: renderToStringAsync produces commas for suspended components with complex children\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.6.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/446\"\u003e#446\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/b7b288c68ed8c97ed8eb6c26929111debdc03435\"\u003e\u003ccode\u003eb7b288c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Fix issues regarding streaming full HTML documents\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/preactjs/preact-render-to-string/blob/main/CHANGELOG.md\"\u003epreact-render-to-string's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/450\"\u003e#450\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/dbc692fd60a9187174491a085d60e635560cb8c6\"\u003e\u003ccode\u003edbc692f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Adjust the comment-marker for streaming to be the same as renderToStringAsync where we use $s\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/461\"\u003e#461\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/e32a4cd8e7cb06d906a8854616d109c2d2a0189f\"\u003e\u003ccode\u003ee32a4cd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Reject unsafe namespaced attribute names before normalizing SVG/XML attribute casing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.6.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/457\"\u003e#457\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/ce6ef7153113af70c32ee952d0fbce01e0115de4\"\u003e\u003ccode\u003ece6ef71\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/lemonmade\"\u003e\u003ccode\u003e@​lemonmade\u003c/code\u003e\u003c/a\u003e! - fix: renderToStringAsync produces commas for suspended components with complex children\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.6.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/446\"\u003e#446\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/b7b288c68ed8c97ed8eb6c26929111debdc03435\"\u003e\u003ccode\u003eb7b288c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Fix issues regarding streaming full HTML documents\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/eb871c8e808ed94bcd95824b10048683d4ccb358\"\u003e\u003ccode\u003eeb871c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/460\"\u003e#460\u003c/a\u003e from preactjs/changeset-release/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/b22fc16c3aa8efcd15e33f01b2e9acfd4500f3be\"\u003e\u003ccode\u003eb22fc16\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/833043bc3463c81094464f3143fab3469e2e1052\"\u003e\u003ccode\u003e833043b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/461\"\u003e#461\u003c/a\u003e from preactjs/fix-link\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/e32a4cd8e7cb06d906a8854616d109c2d2a0189f\"\u003e\u003ccode\u003ee32a4cd\u003c/code\u003e\u003c/a\u003e Reject namespaced attribute\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/990307a99cace84c67bd7520a6bd32cffa9ad219\"\u003e\u003ccode\u003e990307a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/458\"\u003e#458\u003c/a\u003e from preactjs/changesets-based-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/bcd3b0b1618dc825a37aef2f8f2052a4b10c8345\"\u003e\u003ccode\u003ebcd3b0b\u003c/code\u003e\u003c/a\u003e Pin npm in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/950a59f11fd0c392890332401f2deb16cdd8b012\"\u003e\u003ccode\u003e950a59f\u003c/code\u003e\u003c/a\u003e Add changesets based publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/797a662aa267c917fcb446cd92129066db682b6e\"\u003e\u003ccode\u003e797a662\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/450\"\u003e#450\u003c/a\u003e from preactjs/id-adjustements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/df713c5a475baf34b26a77a6c1f00ad078d73a68\"\u003e\u003ccode\u003edf713c5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/454\"\u003e#454\u003c/a\u003e from preactjs/changeset-release/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/39da545985de82cac948cdb52081e52bf76591f5\"\u003e\u003ccode\u003e39da545\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/preactjs/preact-render-to-string/compare/v6.6.5...v6.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rehype-citation` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/timlrx/rehype-citation/releases\"\u003erehype-citation's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/timlrx\"\u003e\u003ccode\u003e@​timlrx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/pull/60\"\u003etimlrx/rehype-citation#60\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update ci and netlify node version by \u003ca href=\"https://github.com/timlrx\"\u003e\u003ccode\u003e@​timlrx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/pull/61\"\u003etimlrx/rehype-citation#61\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: footnote typing by \u003ca href=\"https://github.com/timlrx\"\u003e\u003ccode\u003e@​timlrx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/pull/62\"\u003etimlrx/rehype-citation#62\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/timlrx/rehype-citation/compare/v2.3.1...v2.3.2\"\u003ehttps://github.com/timlrx/rehype-citation/compare/v2.3.1...v2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/19a9f4dfb9815fc16d0df53aa93a8b2a954ef3ba\"\u003e\u003ccode\u003e19a9f4d\u003c/code\u003e\u003c/a\u003e 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/d785742ee34ae15c4562309623567b4e5e4fb639\"\u003e\u003ccode\u003ed785742\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/issues/62\"\u003e#62\u003c/a\u003e from timlrx/fix-footnote-type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/dbfce4828e1c991fd5645908aff7aba5aef54ff2\"\u003e\u003ccode\u003edbfce48\u003c/code\u003e\u003c/a\u003e fix: footnote typing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/b3d64a086836f998de5801b42952738be7d38128\"\u003e\u003ccode\u003eb3d64a0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/issues/61\"\u003e#61\u003c/a\u003e from timlrx/update-ci-node-version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/21e59f74581be2d9c82ca7a0789f2c24fa9bda50\"\u003e\u003ccode\u003e21e59f7\u003c/code\u003e\u003c/a\u003e chore: update netlify node version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/eceb790b3886da8502a6e0e33f40b5be44ca9931\"\u003e\u003ccode\u003eeceb790\u003c/code\u003e\u003c/a\u003e chore: update ci node version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/a86aec612e8da9756fcc562c137cdc6cd289f9a7\"\u003e\u003ccode\u003ea86aec6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/issues/60\"\u003e#60\u003c/a\u003e from timlrx/update-dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/17966586b5fceef9a6a6c5804e02ff7c1107b0c9\"\u003e\u003ccode\u003e1796658\u003c/code\u003e\u003c/a\u003e chore: update to tailwind v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/6bcf5a58967b050862287f2d9b81a56b35146952\"\u003e\u003ccode\u003e6bcf5a5\u003c/code\u003e\u003c/a\u003e chore: sync changes from citation-js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/67a76f2054a5ce3db6e139569f0262a6248e28a9\"\u003e\u003ccode\u003e67a76f2\u003c/code\u003e\u003c/a\u003e chore: update outdated link\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/timlrx/rehype-citation/compare/v2.3.1...v2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rehype-pretty-code` from 0.14.1 to 0.14.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/releases\"\u003erehype-pretty-code's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erehype-pretty-code@0.14.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Shiki 4\u003c/li\u003e\n\u003cli\u003echore: fix npm OIDC trusted publishing workflow\u003c/li\u003e\n\u003cli\u003edocs: update docs with renamed shiki function: \u003ccode\u003egetHighlighter\u003c/code\u003e -\u0026gt; \u003ccode\u003ecreateHighlighter\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/blob/master/packages/core/CHANGELOG.md\"\u003erehype-pretty-code's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.14.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: fix npm OIDC trusted publishing workflow\u003c/li\u003e\n\u003cli\u003edocs: update docs with renamed shiki function: \u003ccode\u003egetHighlighter\u003c/code\u003e -\u0026gt; \u003ccode\u003ecreateHighlighter\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.14.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Shiki 4\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commit/8c3530faea43a7e23ed5e301024d2860970e9594\"\u003e\u003ccode\u003e8c3530f\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commit/9b53bd13bd7d4c878e9151f5151c5923757889ae\"\u003e\u003ccode\u003e9b53bd1\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commit/d14e99613309c386116d26f8f815ffd682e1ed46\"\u003e\u003ccode\u003ed14e996\u003c/code\u003e\u003c/a\u003e Support Shiki 4 (\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commits/rehype-pretty-code@0.14.3/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for rehype-pretty-code since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `satori` from 0.19.1 to 0.26.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/satori/releases\"\u003esatori's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.26.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.25.0...0.26.0\"\u003e0.26.0\u003c/a\u003e (2026-03-20)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuiltin minimal JSX runtime (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/737\"\u003e#737\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/eab60eeecca1bcefc95d69a674f20f572155fe26\"\u003eeab60ee\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.25.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.24.1...0.25.0\"\u003e0.25.0\u003c/a\u003e (2026-03-05)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCSS variables (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/736\"\u003e#736\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/d2469131e1e42c0c599c3be108ba9b500cc99ca0\"\u003ed246913\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.24.0...0.24.1\"\u003e0.24.1\u003c/a\u003e (2026-03-03)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsistent text positioning when embedFont is false (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/723\"\u003e#723\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/dc07b7002bdc5b6f1915149c5510ff79b4587816\"\u003edc07b70\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.23.0...0.24.0\"\u003e0.24.0\u003c/a\u003e (2026-03-03)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved object-position support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/734\"\u003e#734\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/9377f705f6511fadf8fb01dbbda960fe7b2732ab\"\u003e9377f70\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.23.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.22.0...0.23.0\"\u003e0.23.0\u003c/a\u003e (2026-03-03)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd text-indent support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/733\"\u003e#733\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/2b7e8255c8c368df1ec61d050ccf3ffc7d0b47ff\"\u003e2b7e825\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.22.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.21.0...0.22.0\"\u003e0.22.0\u003c/a\u003e (2026-03-03)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for object-fit \u003ccode\u003efill\u003c/code\u003e and \u003ccode\u003escale-down\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/732\"\u003e#732\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/453fd917b137a16f3cf514017e262c7e53527e5f\"\u003e453fd91\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.21.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.20.0...0.21.0\"\u003e0.21.0\u003c/a\u003e (2026-03-02)\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/eab60eeecca1bcefc95d69a674f20f572155fe26\"\u003e\u003ccode\u003eeab60ee\u003c/code\u003e\u003c/a\u003e feat: builtin minimal JSX runtime (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/737\"\u003e#737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/d2469131e1e42c0c599c3be108ba9b500cc99ca0\"\u003e\u003ccode\u003ed246913\u003c/code\u003e\u003c/a\u003e feat: CSS variables (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/736\"\u003e#736\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/dc07b7002bdc5b6f1915149c5510ff79b4587816\"\u003e\u003ccode\u003edc07b70\u003c/code\u003e\u003c/a\u003e fix: Consistent text positioning when embedFont is false (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/723\"\u003e#723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/54a749b3326e3b43d2d81149679d832c9d47f9dc\"\u003e\u003ccode\u003e54a749b\u003c/code\u003e\u003c/a\u003e chore: export InitInput and allow Promise (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/9377f705f6511fadf8fb01dbbda960fe7b2732ab\"\u003e\u003ccode\u003e9377f70\u003c/code\u003e\u003c/a\u003e feat: Improved object-position support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/734\"\u003e#734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/2b7e8255c8c368df1ec61d050ccf3ffc7d0b47ff\"\u003e\u003ccode\u003e2b7e825\u003c/code\u003e\u003c/a\u003e feat: Add text-indent support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/733\"\u003e#733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/453fd917b137a16f3cf514017e262c7e53527e5f\"\u003e\u003ccode\u003e453fd91\u003c/code\u003e\u003c/a\u003e feat: Support for object-fit \u003ccode\u003efill\u003c/code\u003e and \u003ccode\u003escale-down\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/732\"\u003e#732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/c8dd6f5cc16085df1fdcf5711562439f3e26d0de\"\u003e\u003ccode\u003ec8dd6f5\u003c/code\u003e\u003c/a\u003e chore: Add more tests (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/c1087d63970e9798450bb974f35f1af526ce294d\"\u003e\u003ccode\u003ec1087d6\u003c/code\u003e\u003c/a\u003e chore: Update benchmark code (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/730\"\u003e#730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/4e761c6b9fdf2959cf2a0292c9d1235154f070b6\"\u003e\u003ccode\u003e4e761c6\u003c/code\u003e\u003c/a\u003e feat: 10% perf improvements in the core lib (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/729\"\u003e#729\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/satori/compare/0.19.1...0.26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `serve-handler` from 6.1.6 to 6.1.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/serve-handler/releases\"\u003eserve-handler's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.1.7\u003c/h2\u003e\n\u003ch3\u003ePatches\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix: update minimatch to 3.1.5 to resolve security vulnerabilities: \u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/228\"\u003e#228\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/ParakhJaggi\"\u003e\u003ccode\u003e@​ParakhJaggi\u003c/code\u003e\u003c/a\u003e  for helping!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/5158ae776863f0d597187e11260d963e7a78c6a0\"\u003e\u003ccode\u003e5158ae7\u003c/code\u003e\u003c/a\u003e 6.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/754d1dcb5bb6dbd164667368be5e1b1278f1da60\"\u003e\u003ccode\u003e754d1dc\u003c/code\u003e\u003c/a\u003e fix: update minimatch to 3.1.5 to resolve security vulnerabilities (\u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/228\"\u003e#228\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/8b357fad752db5e9439e92513286970f68ed953e\"\u003e\u003ccode\u003e8b357fa\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;chore(deps): upgrade minimatch to v10.2.4 (\u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/226\"\u003e#226\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/8df54ef09a5497641403cd4a888525a4831f4208\"\u003e\u003ccode\u003e8df54ef\u003c/code\u003e\u003c/a\u003e chore(deps): upgrade minimatch to v10.2.4 (\u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vercel/serve-handler/compare/6.1.6...6.1.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shiki` from 1.26.2 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shikijs/shiki/releases\"\u003eshiki's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003etwoslash\u003c/strong\u003e: Forward \u003ccode\u003etsModule\u003c/code\u003e to \u003ccode\u003ecreateTwoslasher\u003c/code\u003e  -  by \u003ca href=\"https://github.com/arthurfiorette\"\u003e\u003ccode\u003e@​arthurfiorette\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1271\"\u003eshikijs/shiki#1271\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/be89afcf\"\u003e\u003c!-- raw HTML omitted --\u003e(be89a)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v4.0.2...v4.1.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.0.2\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport ANSI language with multiple themes  -  by \u003ca href=\"https://github.com/dan-lee\"\u003e\u003ccode\u003e@​dan-lee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1259\"\u003eshikijs/shiki#1259\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/2a232309\"\u003e\u003c!-- raw HTML omitted --\u003e(2a232)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v4.0.1...v4.0.2\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.0.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTry fix dts bundle, thanks \u003ca href=\"https://github.com/sxzz\"\u003e\u003ccode\u003e@​sxzz\u003c/code\u003e\u003c/a\u003e  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/1f26cb1c\"\u003e\u003c!-- raw HTML omitted --\u003e(1f26c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v4.0.0...v4.0.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch3\u003e   🚨 Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop Node v18 support, remove deprecated APIs  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1249\"\u003eshikijs/shiki#1249\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/cdca9945\"\u003e\u003c!-- raw HTML omitted --\u003e(cdca9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA leaner \u003ccode\u003e@shikijs/primitive\u003c/code\u003e package  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1251\"\u003eshikijs/shiki#1251\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/05a77f1b\"\u003e\u003c!-- raw HTML omitted --\u003e(05a77)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNew \u003ccode\u003e@shikijs/markdown-exit\u003c/code\u003e package  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/d1257c25\"\u003e\u003c!-- raw HTML omitted --\u003e(d1257)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v3.23.0...v4.0.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.23.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate grammar and themes  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/9b4cacac\"\u003e\u003c!-- raw HTML omitted --\u003e(9b4ca)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd stdin support and list commands  -  by \u003ca href=\"https://github.com/Divyapahuja31\"\u003e\u003ccode\u003e@​Divyapahuja31\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eDIVYA PAHUJA\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1241\"\u003eshikijs/shiki#1241\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/213f19bf\"\u003e\u003c!-- raw HTML omitted --\u003e(213f1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransformers\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd 'leading' position to transformerRenderWhitespace  -  by \u003ca href=\"https://github.com/Divyapahuja31\"\u003e\u003ccode\u003e@​Divyapahuja31\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eDIVYA PAHUJA\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1236\"\u003eshikijs/shiki#1236\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/49cbb761\"\u003e\u003c!-- raw HTML omitted --\u003e(49cbb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for [!code info] notation  -  by \u003ca href=\"https://github.com/Divyapahuja31\"\u003e\u003ccode\u003e@​Divyapahuja31\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eDIVYA PAHUJA\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1237\"\u003eshikijs/shiki#1237\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/cd2a6d94\"\u003e\u003c!-- raw HTML omitted --\u003e(cd2a6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003edeclare\u003c/code\u003e modifier to top level declarations in \u003ccode\u003e.d.ts\u003c/code\u003e  -  by \u003ca href=\"https://github.com/KazariEX\"\u003e\u003ccode\u003e@​KazariEX\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1242\"\u003eshikijs/shiki#1242\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/142d55c3\"\u003e\u003c!-- raw HTML omitted --\u003e(142d5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli\u003c/strong\u003e: Normalize language/extension casing for CLI inputs  -  by \u003ca href=\"https://github.com/Nandann018-ux\"\u003e\u003ccode\u003e@​Nandann018-ux\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1245\"\u003eshikijs/shiki#1245\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/4bea1a54\"\u003e\u003c!-- raw HTML omitted --\u003e(4bea1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v3.22.0...v3.23.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/c809af96f1907877c5cebfeee98ac5d55193140b\"\u003e\u003ccode\u003ec809af9\u003c/code\u003e\u003c/a\u003e chore: release v4.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/95371cb1b3c00ced5b437a11f603939002f9ecae\"\u003e\u003ccode\u003e95371cb\u003c/code\u003e\u003c/a\u003e chore: lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/7a1007dd5befe51a0c58925ac6de102691f5a0e4\"\u003e\u003ccode\u003e7a1007d\u003c/code\u003e\u003c/a\u003e chore: release v4.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/ef42a1614b155e091382b7b0faaae6c842ca5282\"\u003e\u003ccode\u003eef42a16\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/2a23230989ff3cc81359538ea5e063a7a80af178\"\u003e\u003ccode\u003e2a23230\u003c/code\u003e\u003c/a\u003e fix: support ANSI language with multiple themes (\u003ca href=\"https://github.com/shikijs/shiki/tree/HEAD/packages/shiki/issues/1259\"\u003e#1259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/69bec642a6f3a794398b308ff123f5d6e38f4617\"\u003e\u003ccode\u003e69bec64\u003c/code\u003e\u003c/a\u003e chore: release v4.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/2060ca89463e14e6f42af9b1a6950337f67bd690\"\u003e\u003ccode\u003e2060ca8\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/32f35b52fa8062185b5693931be0d389ad7853d1\"\u003e\u003ccode\u003e32f35b5\u003c/code\u003e\u003c/a\u003e chore: release v4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/720f6d862a1e28954cfaeab8c3de8b7ed0290fa0\"\u003e\u003ccode\u003e720f6d8\u003c/code\u003e\u003c/a\u003e test: restructure tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/05a77f1b9f7080fe248552994953f6aff7ea2309\"\u003e\u003ccode\u003e05a77f1\u003c/code\u003e\u003c/a\u003e feat: a leaner \u003ccode\u003e@shikijs/primitive\u003c/code\u003e package (\u003ca href=\"https://github.com/shikijs/shiki/tree/HEAD/packages/shiki/issues/1251\"\u003e#1251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shikijs/shiki/commits/v4.1.0/packages/shiki\"...\n\n_Description has been truncated_","html_url":"https://github.com/anesharchvictor/bible-study-wiki/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/anesharchvictor%2Fbible-study-wiki/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4555965398","node_id":"PR_kwDOSeHXdM7hA-40","number":5,"state":"open","title":"Bump the npm_and_yarn group across 4 directories with 14 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T23:09:35.000Z","updated_at":"2026-05-30T23:10:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":14,"packages":[{"name":"axios","old_version":"0.18.1","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"lodash","old_version":"4.17.4","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"lodash","old_version":"4.17.23","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"semver","old_version":"7.0.0","new_version":"7.5.2","repository_url":"https://github.com/npm/node-semver"},{"name":"minimist","old_version":"1.2.5","new_version":"1.2.6","repository_url":"https://github.com/minimistjs/minimist"},{"name":"shelljs","old_version":"0.8.4","new_version":"0.8.5","repository_url":"https://github.com/shelljs/shelljs"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 7 updates in the /newIDE/app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.18.1` | `1.16.1` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.4` | `4.18.1` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |\n| [semver](https://github.com/npm/node-semver) | `7.0.0` | `7.5.2` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.6` |\n| [shelljs](https://github.com/shelljs/shelljs) | `0.8.4` | `0.8.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 8 updates in the /newIDE/electron-app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |\n| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |\n| [shelljs](https://github.com/shelljs/shelljs) | `0.8.4` | `0.8.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.5` | `0.2.7` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [tar](https://github.com/isaacs/node-tar) | `6.2.1` | `7.5.15` |\n| [electron](https://github.com/electron/electron) | `32.3.3` | `42.3.0` |\n\nBumps the npm_and_yarn group with 5 updates in the /newIDE/electron-app/app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.19.2` | `0.32.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [electron](https://github.com/electron/electron) | `31.3.1` | `42.3.0` |\n\nBumps the npm_and_yarn group with 8 updates in the /newIDE/web-app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.19.2` | `0.32.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.20` | `4.18.1` |\n| [semver](https://github.com/npm/node-semver) | `6.3.0` | `6.3.1` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.6` |\n| [shelljs](https://github.com/shelljs/shelljs) | `0.8.4` | `0.8.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [async](https://github.com/caolan/async) | `2.6.1` | `2.6.4` |\n| [gh-pages](https://github.com/tschaub/gh-pages) | `4.0.0` | `5.0.0` |\n\n\nUpdates `axios` from 0.18.1 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v0.18.1...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.4 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.4...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.23 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.4...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `semver` from 7.0.0 to 7.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/npm/node-semver/releases\"\u003esemver's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.5.1...v7.5.2\"\u003e7.5.2\u003c/a\u003e (2023-06-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/58c791f40ba8cf4be35a5ca6644353ecd6249edc\"\u003e\u003ccode\u003e58c791f\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/566\"\u003e#566\u003c/a\u003e diff when detecting major change from prerelease (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/566\"\u003e#566\u003c/a\u003e) (\u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/5c8efbcb3c6c125af10746d054faff13e8c33fbd\"\u003e\u003ccode\u003e5c8efbc\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/565\"\u003e#565\u003c/a\u003e preserve build in raw after inc (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/565\"\u003e#565\u003c/a\u003e) (\u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441\"\u003e\u003ccode\u003e717534e\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/564\"\u003e#564\u003c/a\u003e better handling of whitespace (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/564\"\u003e#564\u003c/a\u003e) (\u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.5.0...v7.5.1\"\u003e7.5.1\u003c/a\u003e (2023-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/d30d25a5c1fb963c3cc9178cb1769fe45e4a3cab\"\u003e\u003ccode\u003ed30d25a\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/559\"\u003e#559\u003c/a\u003e show type on invalid semver error (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/559\"\u003e#559\u003c/a\u003e) (\u003ca href=\"https://github.com/tjenkinson\"\u003e\u003ccode\u003e@​tjenkinson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.4.0...v7.5.0\"\u003e7.5.0\u003c/a\u003e (2023-04-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/503a4e52fe2b1c6ed1400d33149f7733c8361eed\"\u003e\u003ccode\u003e503a4e5\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/548\"\u003e#548\u003c/a\u003e allow identifierBase to be false (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/548\"\u003e#548\u003c/a\u003e) (\u003ca href=\"https://github.com/lsvalina\"\u003e\u003ccode\u003e@​lsvalina\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/e219bb454036a0c23e34407591f921c8edb688e7\"\u003e\u003ccode\u003ee219bb4\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/552\"\u003e#552\u003c/a\u003e throw on bad version with correct error message (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/552\"\u003e#552\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/fc2f3df0b5d25253b3580607e111a9a280d888ca\"\u003e\u003ccode\u003efc2f3df\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/546\"\u003e#546\u003c/a\u003e incorrect results from diff sometimes with prerelease versions (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/546\"\u003e#546\u003c/a\u003e) (\u003ca href=\"https://github.com/tjenkinson\"\u003e\u003ccode\u003e@​tjenkinson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/27817677794f592b592bf6181a80a4824ff762b2\"\u003e\u003ccode\u003e2781767\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/547\"\u003e#547\u003c/a\u003e avoid re-instantiating SemVer during diff compare (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/547\"\u003e#547\u003c/a\u003e) (\u003ca href=\"https://github.com/macno\"\u003e\u003ccode\u003e@​macno\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.3.8...v7.4.0\"\u003e7.4.0\u003c/a\u003e (2023-04-10)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/113f51312a1a6b6aa50d4f9486b4fde21782c1f5\"\u003e\u003ccode\u003e113f513\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/532\"\u003e#532\u003c/a\u003e identifierBase parameter for .inc (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/532\"\u003e#532\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/b-bly\"\u003e\u003ccode\u003e@​b-bly\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/48d8f8fa63bf6e35db70ff840b6da1a51596a5a8\"\u003e\u003ccode\u003e48d8f8f\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/530\"\u003e#530\u003c/a\u003e export new RELEASE_TYPES constant (\u003ca href=\"https://github.com/hcharley\"\u003e\u003ccode\u003e@​hcharley\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/940723d22bca824993627c45ac30dd3d2854b8cd\"\u003e\u003ccode\u003e940723d\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/538\"\u003e#538\u003c/a\u003e intersects with v0.0.0 and v0.0.0-0 (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/538\"\u003e#538\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/aa516b50b32f5a144017d8fc1b9efe0540963c91\"\u003e\u003ccode\u003eaa516b5\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/535\"\u003e#535\u003c/a\u003e faster parse options (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/535\"\u003e#535\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/61e6ea1e9b7af01baf19ab0c0a63c8e3ebfac97c\"\u003e\u003ccode\u003e61e6ea1\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/536\"\u003e#536\u003c/a\u003e faster cache key factory for range (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/536\"\u003e#536\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/f8b8b619e71746a47852a9d301f3087ab311444f\"\u003e\u003ccode\u003ef8b8b61\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/541\"\u003e#541\u003c/a\u003e optimistic parse (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/541\"\u003e#541\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/796cbe29b06d102e1b16f3ed78eaba210ece951e\"\u003e\u003ccode\u003e796cbe2\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/533\"\u003e#533\u003c/a\u003e semver.diff prerelease to release recognition (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/533\"\u003e#533\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/dominique-blockchain\"\u003e\u003ccode\u003e@​dominique-blockchain\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/3f222b144033525ca9f8a2ce5bc6e02f0401881f\"\u003e\u003ccode\u003e3f222b1\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/537\"\u003e#537\u003c/a\u003e reuse comparators on subset (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/537\"\u003e#537\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/f66cc45c6e82eebb4b5b51af73e7b8dcaeda7e21\"\u003e\u003ccode\u003ef66cc45\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/539\"\u003e#539\u003c/a\u003e faster diff (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/539\"\u003e#539\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/c5d29df6f75741fea27fffe3b88c9c3b28e3ca73\"\u003e\u003ccode\u003ec5d29df\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/530\"\u003e#530\u003c/a\u003e Add \u0026quot;Constants\u0026quot; section to README (\u003ca href=\"https://github.com/hcharley\"\u003e\u003ccode\u003e@​hcharley\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/npm/node-semver/blob/main/CHANGELOG.md\"\u003esemver's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.5.1...v7.5.2\"\u003e7.5.2\u003c/a\u003e (2023-06-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/58c791f40ba8cf4be35a5ca6644353ecd6249edc\"\u003e\u003ccode\u003e58c791f\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/566\"\u003e#566\u003c/a\u003e diff when detecting major change from prerelease (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/566\"\u003e#566\u003c/a\u003e) (\u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/5c8efbcb3c6c125af10746d054faff13e8c33fbd\"\u003e\u003ccode\u003e5c8efbc\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/565\"\u003e#565\u003c/a\u003e preserve build in raw after inc (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/565\"\u003e#565\u003c/a\u003e) (\u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441\"\u003e\u003ccode\u003e717534e\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/564\"\u003e#564\u003c/a\u003e better handling of whitespace (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/564\"\u003e#564\u003c/a\u003e) (\u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.5.0...v7.5.1\"\u003e7.5.1\u003c/a\u003e (2023-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/d30d25a5c1fb963c3cc9178cb1769fe45e4a3cab\"\u003e\u003ccode\u003ed30d25a\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/559\"\u003e#559\u003c/a\u003e show type on invalid semver error (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/559\"\u003e#559\u003c/a\u003e) (\u003ca href=\"https://github.com/tjenkinson\"\u003e\u003ccode\u003e@​tjenkinson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.4.0...v7.5.0\"\u003e7.5.0\u003c/a\u003e (2023-04-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/503a4e52fe2b1c6ed1400d33149f7733c8361eed\"\u003e\u003ccode\u003e503a4e5\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/548\"\u003e#548\u003c/a\u003e allow identifierBase to be false (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/548\"\u003e#548\u003c/a\u003e) (\u003ca href=\"https://github.com/lsvalina\"\u003e\u003ccode\u003e@​lsvalina\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/e219bb454036a0c23e34407591f921c8edb688e7\"\u003e\u003ccode\u003ee219bb4\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/552\"\u003e#552\u003c/a\u003e throw on bad version with correct error message (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/552\"\u003e#552\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/fc2f3df0b5d25253b3580607e111a9a280d888ca\"\u003e\u003ccode\u003efc2f3df\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/546\"\u003e#546\u003c/a\u003e incorrect results from diff sometimes with prerelease versions (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/546\"\u003e#546\u003c/a\u003e) (\u003ca href=\"https://github.com/tjenkinson\"\u003e\u003ccode\u003e@​tjenkinson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/27817677794f592b592bf6181a80a4824ff762b2\"\u003e\u003ccode\u003e2781767\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/547\"\u003e#547\u003c/a\u003e avoid re-instantiating SemVer during diff compare (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/547\"\u003e#547\u003c/a\u003e) (\u003ca href=\"https://github.com/macno\"\u003e\u003ccode\u003e@​macno\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.3.8...v7.4.0\"\u003e7.4.0\u003c/a\u003e (2023-04-10)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/113f51312a1a6b6aa50d4f9486b4fde21782c1f5\"\u003e\u003ccode\u003e113f513\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/532\"\u003e#532\u003c/a\u003e identifierBase parameter for .inc (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/532\"\u003e#532\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/b-bly\"\u003e\u003ccode\u003e@​b-bly\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/48d8f8fa63bf6e35db70ff840b6da1a51596a5a8\"\u003e\u003ccode\u003e48d8f8f\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/530\"\u003e#530\u003c/a\u003e export new RELEASE_TYPES constant (\u003ca href=\"https://github.com/hcharley\"\u003e\u003ccode\u003e@​hcharley\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/940723d22bca824993627c45ac30dd3d2854b8cd\"\u003e\u003ccode\u003e940723d\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/538\"\u003e#538\u003c/a\u003e intersects with v0.0.0 and v0.0.0-0 (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/538\"\u003e#538\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/aa516b50b32f5a144017d8fc1b9efe0540963c91\"\u003e\u003ccode\u003eaa516b5\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/535\"\u003e#535\u003c/a\u003e faster parse options (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/535\"\u003e#535\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/61e6ea1e9b7af01baf19ab0c0a63c8e3ebfac97c\"\u003e\u003ccode\u003e61e6ea1\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/536\"\u003e#536\u003c/a\u003e faster cache key factory for range (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/536\"\u003e#536\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/f8b8b619e71746a47852a9d301f3087ab311444f\"\u003e\u003ccode\u003ef8b8b61\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/541\"\u003e#541\u003c/a\u003e optimistic parse (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/541\"\u003e#541\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/796cbe29b06d102e1b16f3ed78eaba210ece951e\"\u003e\u003ccode\u003e796cbe2\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/533\"\u003e#533\u003c/a\u003e semver.diff prerelease to release recognition (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/533\"\u003e#533\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/dominique-blockchain\"\u003e\u003ccode\u003e@​dominique-blockchain\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/3f222b144033525ca9f8a2ce5bc6e02f0401881f\"\u003e\u003ccode\u003e3f222b1\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/537\"\u003e#537\u003c/a\u003e reuse comparators on subset (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/537\"\u003e#537\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/f66cc45c6e82eebb4b5b51af73e7b8dcaeda7e21\"\u003e\u003ccode\u003ef66cc45\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/539\"\u003e#539\u003c/a\u003e faster diff (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/539\"\u003e#539\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/c5d29df6f75741fea27fffe3b88c9c3b28e3ca73\"\u003e\u003ccode\u003ec5d29df\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/530\"\u003e#530\u003c/a\u003e Add \u0026quot;Constants\u0026quot; section to README (\u003ca href=\"https://github.com/hcharley\"\u003e\u003ccode\u003e@​hcharley\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.3.7...v7.3.8\"\u003e7.3.8\u003c/a\u003e (2022-10-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/e7b78de06eb14a7fa2075cedf9f167040d8d31af\"\u003e\u003ccode\u003ee7b78de\u003c/code\u003e\u003c/a\u003e chore: release 7.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/58c791f40ba8cf4be35a5ca6644353ecd6249edc\"\u003e\u003ccode\u003e58c791f\u003c/code\u003e\u003c/a\u003e fix: diff when detecting major change from prerelease (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/566\"\u003e#566\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/5c8efbcb3c6c125af10746d054faff13e8c33fbd\"\u003e\u003ccode\u003e5c8efbc\u003c/code\u003e\u003c/a\u003e fix: preserve build in raw after inc (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/565\"\u003e#565\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441\"\u003e\u003ccode\u003e717534e\u003c/code\u003e\u003c/a\u003e fix: better handling of whitespace (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/2f738e9a70d9b9468b7b69e9ed3e12418725c650\"\u003e\u003ccode\u003e2f738e9\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003e@​npmcli/template-oss\u003c/code\u003e from 4.14.1 to 4.15.1 (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/aa016a67162c195938f7873ea29a73dac47ff9ba\"\u003e\u003ccode\u003eaa016a6\u003c/code\u003e\u003c/a\u003e chore: release 7.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/d30d25a5c1fb963c3cc9178cb1769fe45e4a3cab\"\u003e\u003ccode\u003ed30d25a\u003c/code\u003e\u003c/a\u003e fix: show type on invalid semver error (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/559\"\u003e#559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/09c69e23cdf6c69c51f83635482fff89ab2574e3\"\u003e\u003ccode\u003e09c69e2\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003e@​npmcli/template-oss\u003c/code\u003e from 4.13.0 to 4.14.1 (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/5b02ad7163a3ddcbcadf499e4f6195d6f2226dce\"\u003e\u003ccode\u003e5b02ad7\u003c/code\u003e\u003c/a\u003e chore: release 7.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/e219bb454036a0c23e34407591f921c8edb688e7\"\u003e\u003ccode\u003ee219bb4\u003c/code\u003e\u003c/a\u003e fix: throw on bad version with correct error message (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/552\"\u003e#552\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/npm/node-semver/compare/v7.0.0...v7.5.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~npm-cli-ops\"\u003enpm-cli-ops\u003c/a\u003e, a new releaser for semver since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimist` from 1.2.5 to 1.2.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md\"\u003eminimist's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.5...v1.2.6\"\u003ev1.2.6\u003c/a\u003e - 2022-03-21\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003etest from prototype pollution PR \u003ca href=\"https://github.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb\"\u003e\u003ccode\u003ebc8ecee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eisConstructorOrProto adapted from PR \u003ca href=\"https://github.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d\"\u003e\u003ccode\u003ec2b9819\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esecurity notice for additional prototype pollution issue \u003ca href=\"https://github.com/minimistjs/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2\"\u003e\u003ccode\u003eef88b93\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/7efb22a518b53b06f5b02a1038a88bd6290c2846\"\u003e\u003ccode\u003e7efb22a\u003c/code\u003e\u003c/a\u003e 1.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2\"\u003e\u003ccode\u003eef88b93\u003c/code\u003e\u003c/a\u003e security notice for additional prototype pollution issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d\"\u003e\u003ccode\u003ec2b9819\u003c/code\u003e\u003c/a\u003e isConstructorOrProto adapted from PR\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb\"\u003e\u003ccode\u003ebc8ecee\u003c/code\u003e\u003c/a\u003e test from prototype pollution PR\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.5...v1.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shelljs` from 0.8.4 to 0.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shelljs/shelljs/releases\"\u003eshelljs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.5\u003c/h2\u003e\n\u003cp\u003eThis was a small security fix for \u003ca href=\"https://redirect.github.com/shelljs/shelljs/issues/1058\"\u003e#1058\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shelljs/shelljs/blob/main/CHANGELOG.md\"\u003eshelljs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/shelljs/shelljs/tree/v0.8.5\"\u003ev0.8.5\u003c/a\u003e (2022-01-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/shelljs/shelljs/compare/v0.8.4...v0.8.5\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis was a small security fix for \u003ca href=\"https://redirect.github.com/shelljs/shelljs/issues/1058\"\u003e#1058\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shelljs/shelljs/commit/70668a4555c7d49c4f67d53ea063b899be4d6d40\"\u003e\u003ccode\u003e70668a4\u003c/code\u003e\u003c/a\u003e 0.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c\"\u003e\u003ccode\u003ed919d22\u003c/code\u003e\u003c/a\u003e fix(exec): lockdown file permissions (\u003ca href=\"https://redirect.github.com/shelljs/shelljs/issues/1060\"\u003e#1060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/shelljs/shelljs/compare/v0.8.4...v0.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.4 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.5.10 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.5.10...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81c...\n\n_Description has been truncated_","html_url":"https://github.com/Heretek-AI/GDevelop/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Heretek-AI%2FGDevelop/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4555502935","node_id":"PR_kwDOPi0zm87g_mr7","number":3,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 12 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T19:50:39.000Z","updated_at":"2026-05-30T19:51:11.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":12,"packages":[{"name":"drizzle-orm","old_version":"0.39.1","new_version":"0.45.2","repository_url":"https://github.com/drizzle-team/drizzle-orm"},{"name":"ws","old_version":"8.18.0","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"vite","old_version":"7.1.12","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"brace-expansion","old_version":"2.0.2","new_version":"2.1.1","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.52.5","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"},{"name":"yaml","old_version":"2.6.0","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `0.39.1` | `0.45.2` |\n| [ws](https://github.com/websockets/ws) | `8.18.0` | `8.21.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.12` | `7.3.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.1` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.52.5` | `4.60.4` |\n| [yaml](https://github.com/eemeli/yaml) | `2.6.0` | `2.9.0` |\n\n\nUpdates `drizzle-orm` from 0.39.1 to 0.45.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/drizzle-team/drizzle-orm/releases\"\u003edrizzle-orm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.45.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003esql.identifier()\u003c/code\u003e, \u003ccode\u003esql.as()\u003c/code\u003e escaping issues. Previously all the values passed to this functions were not properly escaped\ncausing a possible SQL Injection (CWE-89) vulnerability\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/EthanKim88\"\u003e\u003ccode\u003e@​EthanKim88\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/0x90sh\"\u003e\u003ccode\u003e@​0x90sh\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/wgoodall01\"\u003e\u003ccode\u003e@​wgoodall01\u003c/code\u003e\u003c/a\u003e for reaching out to us with a reproduction and suggested fix\u003c/p\u003e\n\u003ch2\u003e0.45.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden \u003ccode\u003erequire()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5107\"\u003e#5107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pg-native Pool detection in node-postgres transactions\u003c/li\u003e\n\u003cli\u003eAllowed subqueries in select fields\u003c/li\u003e\n\u003cli\u003eUpdated typo algorythm =\u0026gt; algorithm\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003e$onUpdate\u003c/code\u003e not handling \u003ccode\u003eSQL\u003c/code\u003e values (fixes \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/2388\"\u003e#2388\u003c/a\u003e, tests implemented by \u003ca href=\"https://github.com/L-Mario564\"\u003eL-Mario564\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/pull/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003epg\u003c/code\u003e mappers not handling \u003ccode\u003eDate\u003c/code\u003e instances in \u003ccode\u003ebun-sql:postgresql\u003c/code\u003e driver responses for \u003ccode\u003edate\u003c/code\u003e, \u003ccode\u003etimestamp\u003c/code\u003e types (fixes \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/4493\"\u003e#4493\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix durable sqlite transaction return value \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/3746\"\u003e#3746\u003c/a\u003e - thanks \u003ca href=\"https://github.com/joaocstro\"\u003e\u003ccode\u003e@​joaocstro\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: add $replicas reference \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/4874\"\u003e#4874\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed invalid usage of \u003ccode\u003e.one()\u003c/code\u003e in \u003ccode\u003edurable-sqlite\u003c/code\u003e session\u003c/li\u003e\n\u003cli\u003eFixed spread operator related crash in sqlite \u003ccode\u003eblob\u003c/code\u003e columns\u003c/li\u003e\n\u003cli\u003eBetter browser support for sqlite \u003ccode\u003eblob\u003c/code\u003e columns\u003c/li\u003e\n\u003cli\u003eImproved sqlite \u003ccode\u003eblob\u003c/code\u003e mapping\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix wrong DrizzleQueryError export. thanks \u003ca href=\"https://github.com/nathankleyn\"\u003e\u003ccode\u003e@​nathankleyn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed types of \u003ccode\u003e$client\u003c/code\u003e for clients created by drizzle function\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eawait db.$client.[...]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003eupdated_at\u003c/code\u003e column to the \u003ccode\u003eneon_auth.users_sync\u003c/code\u003e table definition.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUG]: Fixed type issues with joins with certain variations of \u003ccode\u003etsconfig\u003c/code\u003e: \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/4535\"\u003e#4535\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/4457\"\u003e#4457\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/4586\"\u003e[BUG]: Drizzle can no longer run on Durable Objects\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.0\u003c/h2\u003e\n\u003ch2\u003eError handling\u003c/h2\u003e\n\u003cp\u003eStarting from this version, we’ve introduced a new \u003ccode\u003eDrizzleQueryError\u003c/code\u003e that wraps all errors from database drivers and provides a set of useful information:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/273c78071d4841b497f5144734b38294df7ec64b\"\u003e\u003ccode\u003e273c780\u003c/code\u003e\u003c/a\u003e + 0.45.2 (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5534\"\u003e#5534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/4aa6ecfee4b4728dadf6f77f071a149878a3c6c0\"\u003e\u003ccode\u003e4aa6ecf\u003c/code\u003e\u003c/a\u003e Kit updates (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5490\"\u003e#5490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/e8e6edfef5ca69c6188d320388ad440265911057\"\u003e\u003ccode\u003ee8e6edf\u003c/code\u003e\u003c/a\u003e feat(drizzle-kit): support d1 via binding (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5302\"\u003e#5302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/a086f59fba7f46f3a077893ba912c99e91eaa760\"\u003e\u003ccode\u003ea086f59\u003c/code\u003e\u003c/a\u003e Fixed pg-native Pool detection in node-postgres transactions breaking in envi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/c445637df39366bcf47b12601896ce851771c1c2\"\u003e\u003ccode\u003ec445637\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5095\"\u003e#5095\u003c/a\u003e from drizzle-team/main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/e7b3aaa26456b88cd23a7843ebc95b3bddde1ba4\"\u003e\u003ccode\u003ee7b3aaa\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/0d885a54ddafd8717f8610cf3d2899f3eef61e65\"\u003e\u003ccode\u003e0d885a5\u003c/code\u003e\u003c/a\u003e refactor: Update condition for run-feature job to improve clarity and functio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/45a1ffbcbfdd96772d0aba7d9e43744db2dce471\"\u003e\u003ccode\u003e45a1ffb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5087\"\u003e#5087\u003c/a\u003e from drizzle-team/main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/6357645bd33b1f444e1d081769dd4b71c3de31f8\"\u003e\u003ccode\u003e6357645\u003c/code\u003e\u003c/a\u003e chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/53dec98a936f549d0cc2e668f19db3a2df842f51\"\u003e\u003ccode\u003e53dec98\u003c/code\u003e\u003c/a\u003e refactor: Simplify release router workflow by removing unnecessary switch job...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/drizzle-team/drizzle-orm/compare/0.39.1...0.45.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for drizzle-orm since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.18.0 to 8.21.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.21.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduced the \u003ccode\u003emaxBufferedChunks\u003c/code\u003e and \u003ccode\u003emaxFragments\u003c/code\u003e options (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a remote memory exhaustion DoS vulnerability (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eA high volume of tiny fragments and data chunks could be sent by a peer, using\nmodest network traffic, to crash a \u003ccode\u003ews\u003c/code\u003e server or client due to OOM.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer({ port: 0 }, function () {\nconst data = Buffer.alloc(1);\nconst options = { fin: false };\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e);\u003c/p\u003e\n\u003cp\u003ews.on('open', function () {\n(function send() {\nws.send(data, options, function (err) {\nif (err) return;\nsend();\n});\n})();\n});\u003c/p\u003e\n\u003cp\u003ews.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eclient close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eserver close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe vulnerability was responsibly disclosed and fixed by \u003ca href=\"https://github.com/Nadav0077\"\u003eNadav Magier\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eIn vulnerable versions, the issue can be mitigated by lowering the value of the\n\u003ccode\u003emaxPayload\u003c/code\u003e option if possible.\u003c/p\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94\"\u003e\u003ccode\u003ebca91ad\u003c/code\u003e\u003c/a\u003e [dist] 8.21.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/2b2abd458a1b647d0b6033bd62a619c36189839a\"\u003e\u003ccode\u003e2b2abd4\u003c/code\u003e\u003c/a\u003e [security] Limit retained message parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/78eabe2a6677b231bf9c82601bde86ff91639490\"\u003e\u003ccode\u003e78eabe2\u003c/code\u003e\u003c/a\u003e [security] Add latest vulnerability to SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.18.0...8.21.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.1.12 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.1/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.0/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erevert \u0026quot;perf(deps): replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21107\"\u003e#21107\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://github.com/vitejs/vite/commit/2d66b7b14aa6dfd62f3d6a59ee8382ed5ca6fd32\"\u003e2d66b7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.2...v7.2.3\"\u003e7.2.3\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/317b3b272f9ef6faa647a51ab3b0768fecc1071d\"\u003e\u003ccode\u003e317b3b2\u003c/code\u003e\u003c/a\u003e release: v7.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e\u003ccode\u003e721f163\u003c/code\u003e\u003c/a\u003e fix: plugin shortcut support (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21211\"\u003e#21211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.2 to 2.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/109\"\u003e#109\u003c/a\u003e)  c3a817c\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.1.0...v2.1.1\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v2.1.0...v2.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/64b71d31d7c43b956ce64fccc1dda5a3729be728\"\u003e\u003ccode\u003e64b71d3\u003c/code\u003e\u003c/a\u003e 2.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3a817c8e5421d19a37c9babcf3f216b6bf2e6b4\"\u003e\u003ccode\u003ec3a817c\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/109\"\u003e#109\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1ee4a9069c69a51bd502aab289c0c6629c8920ca\"\u003e\u003ccode\u003e1ee4a90\u003c/code\u003e\u003c/a\u003e 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b0302ac153ecfaad66752aac79bf30d2895db8f1\"\u003e\u003ccode\u003eb0302ac\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v2 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/73b5459d2ab973c984d01324769d306f66440c7e\"\u003e\u003ccode\u003e73b5459\u003c/code\u003e\u003c/a\u003e 2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5\"\u003e\u003ccode\u003e311ac0d\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.2...v2.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.5 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/8a10e473e2e0ff03c2d4de308f257093af2bce21\"\u003e\u003ccode\u003e8a10e47\u003c/code\u003e\u003c/a\u003e 9.0.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/c6f180636cebd4de2f9af7ef29ca4c9bf2eeef02\"\u003e\u003ccode\u003ec6f1806\u003c/code\u003e\u003c/a\u003e brace-expansion@2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/446cfa3e2aa3ef45bd4a27fa4418221e158489f6\"\u003e\u003ccode\u003e446cfa3\u003c/code\u003e\u003c/a\u003e 9.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/8fa151ab95fd4e2acd6e1a81f10d02dc7c1098d3\"\u003e\u003ccode\u003e8fa151a\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/71b78a2a4cad3a40af08a39c065e71bbf69ea7f7\"\u003e\u003ccode\u003e71b78a2\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2de496f6d9362dd92460f35ffa6ff8de2907244b\"\u003e\u003ccode\u003e2de496f\u003c/code\u003e\u003c/a\u003e 9.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0d4616de9193bf1d359271662e92657bb51b2f75\"\u003e\u003ccode\u003e0d4616d\u003c/code\u003e\u003c/a\u003e limit nested extglob recursion, flatten extglobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7117ef381e74deace1c62a74d2298c8fe61d10ca\"\u003e\u003ccode\u003e7117ef3\u003c/code\u003e\u003c/a\u003e 9.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2418458b7fe82e0a1fd1a1b6f618c41c90b9848a\"\u003e\u003ccode\u003e2418458\u003c/code\u003e\u003c/a\u003e update deps, do not checkin dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1d1f531009d5e4a86083de37e5ef3f301e073986\"\u003e\u003ccode\u003e1d1f531\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v9.0.5...v9.0.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.13.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.52.5 to 4.60.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.60.4\u003c/h2\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.2\u003c/h2\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6346\"\u003e#6346\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6347\"\u003e#6347\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6348\"\u003e#6348\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6349\"\u003e#6349\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6350\"\u003e#6350\u003c/a\u003e: fix: reset variable render names between outputs in the same generate (\u003ca href=\"https://github.com/barry3406\"\u003e\u003ccode\u003e@​barry3406\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6351\"\u003e#6351\u003c/a\u003e: chore(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6352\"\u003e#6352\u003c/a\u003e: chore(deps): update cross-platform-actions/action action to v1 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6353\"\u003e#6353\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6354\"\u003e#6354\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6355\"\u003e#6355\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6356\"\u003e#6356\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6358\"\u003e#6358\u003c/a\u003e: chore: remove cross-env from devDeps (\u003ca href=\"https://github.com/K-tecchan\"\u003e\u003ccode\u003e@​K-tecchan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.1\u003c/h2\u003e\n\u003ch2\u003e4.60.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/master/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.60.3\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-04\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure nested \u0026quot;exports\u0026quot; variables are not renamed (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6360\"\u003e#6360\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://red...\n\n_Description has been truncated_","html_url":"https://github.com/trademomentum-llc/ml-agent-foundry/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/trademomentum-llc%2Fml-agent-foundry/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4554029869","node_id":"PR_kwDOP78JWM7g7O4V","number":1,"state":"open","title":"Build(deps): Bump the npm_and_yarn group across 1 directory with 27 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:48:40.000Z","updated_at":"2026-05-30T09:51:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Build(deps): Bump","group_name":"npm_and_yarn","update_count":27,"packages":[{"name":"axios","old_version":"1.7.2","new_version":"1.16.0","repository_url":"https://github.com/axios/axios"},{"name":"dompurify","old_version":"3.1.6","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"uuid","old_version":"9.0.1","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"storybook","old_version":"9.1.4","new_version":"9.1.20","repository_url":"https://github.com/storybookjs/storybook"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"0.1.7","new_version":"2.4.0","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"bn.js","old_version":"5.2.1","new_version":"5.2.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"bn.js","old_version":"4.12.0","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"svgo","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/svg/svgo"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"rollup","old_version":"3.29.4","new_version":"3.30.0","repository_url":"https://github.com/rollup/rollup"},{"name":"immutable","old_version":"4.3.6","new_version":"4.3.8","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"js-cookie","old_version":"2.2.1","new_version":"3.0.8","repository_url":"https://github.com/js-cookie/js-cookie"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"pbkdf2","old_version":"3.1.2","new_version":"3.1.6","repository_url":"https://github.com/browserify/pbkdf2"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"serialize-javascript","old_version":"6.0.2","new_version":"removed","repository_url":"https://github.com/yahoo/serialize-javascript"},{"name":"underscore","old_version":"1.13.6","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"webpack","old_version":"5.89.0","new_version":"5.107.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 25 updates in the /web directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.7.2` | `1.16.0` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.1.6` | `3.4.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `9.1.4` | `9.1.20` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `2.4.0` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [bn.js](https://github.com/indutny/bn.js) | `5.2.1` | `5.2.3` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.12.0` | `4.12.3` |\n| [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [rollup](https://github.com/rollup/rollup) | `3.29.4` | `3.30.0` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.3.6` | `4.3.8` |\n| [js-cookie](https://github.com/js-cookie/js-cookie) | `2.2.1` | `3.0.8` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.2` | `3.1.6` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `removed` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.6` | `1.13.8` |\n| [webpack](https://github.com/webpack/webpack) | `5.89.0` | `5.107.2` |\n\n\nUpdates `axios` from 1.7.2 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc\"\u003e\u003ccode\u003edf53d7d\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e\"\u003e\u003ccode\u003e9d92bcd\u003c/code\u003e\u003c/a\u003e fix: gadgets and smaller issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435\"\u003e\u003ccode\u003e5107ee6\u003c/code\u003e\u003c/a\u003e fix: prevent undefined error codes in settle (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8\"\u003e\u003ccode\u003ee573499\u003c/code\u003e\u003c/a\u003e fix(fetch): defer global access in fetch adapter (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3\"\u003e\u003ccode\u003ead68e1a\u003c/code\u003e\u003c/a\u003e fix(http): honor timeout during connect without redirects (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d\"\u003e\u003ccode\u003e2a51828\u003c/code\u003e\u003c/a\u003e fix(http): decode URL basic auth credentials (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1\"\u003e\u003ccode\u003e0e8b6bb\u003c/code\u003e\u003c/a\u003e fix(http): preserve user-supplied Host header when forwarding through a proxy...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b\"\u003e\u003ccode\u003e79f39e1\u003c/code\u003e\u003c/a\u003e docs: document paramsSerializer.encode for strict RFC 3986 query encoding (\u003ca href=\"https://redirect.github.com/axios/axios/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e\"\u003e\u003ccode\u003e0fe3a5f\u003c/code\u003e\u003c/a\u003e [Docs/Types] Update \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions for ES2023 and add ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d\"\u003e\u003ccode\u003ecd6737f\u003c/code\u003e\u003c/a\u003e chore: matches the sibling responseStream.on(aborted) handler and added tests...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.2...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.1.6 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution issue when working with custom elements, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a lenient config parsing in \u003ccode\u003e_isValidAttribute\u003c/code\u003e, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped and removed several dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the test suite after bumping dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003eADD_FORBID_CONTENTS\u003c/code\u003e setting to extend default list, thanks \u003ca href=\"https://github.com/MariusRumpf\"\u003e\u003ccode\u003e@​MariusRumpf\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated the ESM import syntax to be more correct, thanks \u003ca href=\"https://github.com/binhpv\"\u003e\u003ccode\u003e@​binhpv\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the SVG \u003ccode\u003emask-type\u003c/code\u003e attribute to default allow-list, thanks \u003ca href=\"https://github.com/prasadrajandran\"\u003e\u003ccode\u003e@​prasadrajandran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded support for \u003ccode\u003eADD_ATTR\u003c/code\u003e and \u003ccode\u003eADD_TAGS\u003c/code\u003e to accept functions, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with the \u003ccode\u003eslot\u003c/code\u003e element being in both SVG and HTML allow-list, thanks \u003ca href=\"https://github.com/Wim-Valgaeren\"\u003e\u003ccode\u003e@​Wim-Valgaeren\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.2.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded new attributes and elements to default allow-list, thanks \u003ca href=\"https://github.com/elrion018\"\u003e\u003ccode\u003e@​elrion018\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003etagName\u003c/code\u003e parameter to custom element \u003ccode\u003eattributeNameCheck\u003c/code\u003e, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded better check for animated \u003ccode\u003ehref\u003c/code\u003e attributes, thanks \u003ca href=\"https://github.com/llamakko\"\u003e\u003ccode\u003e@​llamakko\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated and improved the bundled types, thanks \u003ca href=\"https://github.com/ssi02014\"\u003e\u003ccode\u003e@​ssi02014\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated several tests to better align with new browser encoding behaviors\u003c/li\u003e\n\u003cli\u003eImproved the handling of potentially risky content inside CDATA elements, thanks \u003ca href=\"https://github.com/securityMB\"\u003e\u003ccode\u003e@​securityMB\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/terjanq\"\u003e\u003ccode\u003e@​terjanq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved the regular expression for raw-text elements to cover textareas, thanks \u003ca href=\"https://github.com/securityMB\"\u003e\u003ccode\u003e@​securityMB\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/terjanq\"\u003e\u003ccode\u003e@​terjanq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.2.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.1.6...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 9.0.1 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v9.0.1...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `storybook` from 9.1.4 to 9.1.20\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/releases\"\u003estorybook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.1.20\u003c/h2\u003e\n\u003ch2\u003e9.1.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd request validation\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev9.1.19\u003c/h2\u003e\n\u003ch2\u003e9.1.19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden websocket connection\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev9.1.18\u003c/h2\u003e\n\u003ch2\u003e9.1.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo-op release. No changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/blob/v9.1.20/CHANGELOG.md\"\u003estorybook's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.1.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd request validation\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden websocket connection\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo-op release. No changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.16\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Fix Nextjs project creation in empty directories - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32828\"\u003e#32828\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCore: Add \u003ccode\u003eexperimental_devServer\u003c/code\u003e preset - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32862\"\u003e#32862\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eTelemetry: Fix preview-first-load event - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32859\"\u003e#32859\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCore: Add \u003ccode\u003epreview-first-load\u003c/code\u003e telemetry - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32770\"\u003e#32770\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eDependencies: Update \u003ccode\u003evite-plugin-storybook-nextjs\u003c/code\u003e - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32821\"\u003e#32821\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNextJS: Add NextJS 16 support - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32791\"\u003e#32791\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Vitest: Support Vitest 4 - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32819\"\u003e#32819\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCSF: Fix \u003ccode\u003eplay-fn\u003c/code\u003e tag for methods - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32695\"\u003e#32695\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNextjs: Fix config access for Vite - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32759\"\u003e#32759\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMaintenance: Hotfix for missing nextjs dts files, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAutomigration: Improve the viewport/backgrounds automigration - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32619\"\u003e#32619\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eMocking: Fix \u003ccode\u003esb.mock\u003c/code\u003e usage in Storybook's deployed in subpaths - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32678\"\u003e#32678\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eNextJS-Vite: Automatically fix bad PostCSS configuration - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32691\"\u003e#32691\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eReact Native Web: Fix REACT_NATIVE_AND_RNW should detect vite builder - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32718\"\u003e#32718\u003c/a\u003e, thanks \u003ca href=\"https://github.com/dannyhw\"\u003e\u003ccode\u003e@​dannyhw\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eTelemetry: Add metadata for react routers - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32615\"\u003e#32615\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAutomigrations: Add automigration for viewport and backgrounds - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/31614\"\u003e#31614\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eTelemetry: Log userAgent in onboarding - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32566\"\u003e#32566\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/f4eff4835ee6076bddf2fa2c8af680afebfaba0e\"\u003e\u003ccode\u003ef4eff48\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;9.1.19\u0026quot; to \u0026quot;9.1.20\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/046ce4d35020916e996521e04c18abfdf1052eaa\"\u003e\u003ccode\u003e046ce4d\u003c/code\u003e\u003c/a\u003e Formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/98e74eb845a2f7f4d6a65d719284bc0a459395d6\"\u003e\u003ccode\u003e98e74eb\u003c/code\u003e\u003c/a\u003e Clarify hostname validation for HTTP requests and WebSocket connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/5f27e882807b4816fba5d30490232706dc8354e7\"\u003e\u003ccode\u003e5f27e88\u003c/code\u003e\u003c/a\u003e Core: Backport origin/host validation and update related configurations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/20887f19d26d1f6e74712eeec4812f325031420b\"\u003e\u003ccode\u003e20887f1\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;9.1.18\u0026quot; to \u0026quot;9.1.19\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/66b2d8e30b1c235c198b8de0696755a13a72ceae\"\u003e\u003ccode\u003e66b2d8e\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/31f16c4cd46f9435e1558204cdccb6bf6b880c7f\"\u003e\u003ccode\u003e31f16c4\u003c/code\u003e\u003c/a\u003e fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/62dd25b508d3b8cd771cfadcac9a9f41881c0e11\"\u003e\u003ccode\u003e62dd25b\u003c/code\u003e\u003c/a\u003e Core: Require token for websocket connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/bbe61e351b4b45cd17c7d8005e48e4cab60a0315\"\u003e\u003ccode\u003ebbe61e3\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;9.1.17\u0026quot; to \u0026quot;9.1.18\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/d0d5a3d645df3493ad935e321d1ef101679cfc2e\"\u003e\u003ccode\u003ed0d5a3d\u003c/code\u003e\u003c/a\u003e Bump version from 9.1.16 to 9.1.17 MANUALLY\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/storybookjs/storybook/commits/v9.1.20/code/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for storybook since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 2.0.0 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate web dependencies to pick up security fixes, reliability improvements, and build hardening. Highlights include `axios` 1.16, `dompurify` 3.4, `lodash` 4.18, `uuid` 14, `postcss` 8.5, `storybook` 9.1, and removal of `serialize-javascript`.\n\n- **Dependencies**\n  - Security/bug fixes: `dompurify` 3.4.0, `lodash` 4.18.1, `postcss` 8.5.15, `storybook` 9.1.20.\n  - HTTP client: `axios` 1.16.0 enforces body/content limits and fixes redirects/headers.\n  - Breaking: `uuid` 14.0.0 expects global `crypto` and requires Node 20+; adds buffer bounds checks.\n  - Tooling: `webpack` 5.107.2, `terser-webpack-plugin` 5.6.1; removed `serialize-javascript`.\n  - App libs: `@antv/g2` 5.4.8, `ahooks` 3.9.7, plus assorted patch updates.\n\n- **Migration**\n  - Use Node 20+ locally and in CI for web builds and Storybook.\n  - If `uuid` runs in Node/SSR, ensure the environment provides global `crypto`; in browsers, verify `window.crypto` is available.\n  - Remove any direct `serialize-javascript` imports if present and reinstall dependencies.\n  - If you have custom Storybook networking/proxy settings, verify the preview connects after the websocket/request validation changes.\n\n\u003csup\u003eWritten for commit e748ef93c31e7903500a6c7e83e7506c6e3c020e. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/ragflow/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump 27 npm dependencies in web package\n\u003e Updates dependencies in [package.json](https://github.com/EmilynnJ/ragflow/pull/1/files#diff-b861012a5dd72b8a9f3281b7cf09f5a779c98569d040b1bbc1db50f1b15e7cce), including major version bumps to `uuid` (9→14) and `axios` (1.6→1.16), plus minor/patch updates to `@antv/g2`, `ahooks`, `dompurify`, `lodash`, `postcss`, `storybook`, and `terser-webpack-plugin`.\n\u003e\n\u003e - Risk: `uuid` v14 and `axios` v1.16 may include breaking API changes that could affect runtime behavior.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized e748ef9.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/ragflow/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fragflow/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4554025511","node_id":"PR_kwDOQplPU87g7OGy","number":1,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:46:33.000Z","updated_at":"2026-05-30T09:47:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.18.6","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"basic-ftp","old_version":"5.0.5","new_version":"5.3.1","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"tmp","old_version":"0.2.1","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"4.5.3","new_version":"5.8.0","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.2.6","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"ip-address","old_version":"9.0.5","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"protobufjs","old_version":"7.5.0","new_version":"7.6.1","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"ws","old_version":"8.18.0","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"tar","old_version":"6.2.1","new_version":"removed","repository_url":"https://github.com/isaacs/node-tar"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 21 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.18.6` | `7.29.7` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.5` | `5.3.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.7` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `5.8.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.6` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `9.0.5` | `10.2.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.0` | `7.6.1` |\n| [ws](https://github.com/websockets/ws) | `8.18.0` | `8.21.0` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [tar](https://github.com/isaacs/node-tar) | `6.2.1` | `removed` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.18.6 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.0.5 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/980371bb6057d78d479b5cfc18683392abd2c45f\"\u003e\u003ccode\u003e980371b\u003c/code\u003e\u003c/a\u003e Guard against unbounded control response\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/50827c73ca6c1d786c97276e47be8a33d0f2277d\"\u003e\u003ccode\u003e50827c7\u003c/code\u003e\u003c/a\u003e Adjust changelog to match release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.0.5...v5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.1 to 0.2.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md\"\u003etmp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2 (2024-02-28)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/278\"\u003e#278\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/268\"\u003e#268\u003c/a\u003e: Revert \u0026quot;fix \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/246\"\u003e#246\u003c/a\u003e: remove any double quotes or single quotes… (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/279\"\u003e#279\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/266\"\u003e#266\u003c/a\u003e: move paragraph on graceful cleanup to the head of the documentation (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 5\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDave Nicolson (\u003ca href=\"https://github.com/dnicolson\"\u003e\u003ccode\u003e@​dnicolson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKARASZI István (\u003ca href=\"https://github.com/raszi\"\u003e\u003ccode\u003e@​raszi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaxime Bargiel (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/robertoaceves\"\u003e\u003ccode\u003e@​robertoaceves\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211\"\u003e\u003ccode\u003e8ea1f37\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153\"\u003e\u003ccode\u003e8f24f78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c\"\u003e\u003ccode\u003ece787f3\u003c/code\u003e\u003c/a\u003e Reject non-string prefix, postfix, template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.1...v0.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.6 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove master branch support by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/126\"\u003efastify/fast-uri#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(test) remove .gitkeep by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/128\"\u003efastify/fast-uri#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/129\"\u003efastify/fast-uri#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set permissions at workflow level by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/131\"\u003efastify/fast-uri#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set workflow permissions to read-only by default by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/132\"\u003efastify/fast-uri#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): restore job level permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/133\"\u003efastify/fast-uri#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.31.2 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/134\"\u003efastify/fast-uri#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): pin actions to commit-hash by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/135\"\u003efastify/fast-uri#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node 24 to test matrix by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/136\"\u003efastify/fast-uri#136\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.6...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 4.5.3 to 5.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eupdate strnum, FXB. Use xml-naming for DOCTYPE\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eintegrate xml-naming to validate DOCTYPE entity name and notation name (using qname because of backward compatibility)\n\u003cul\u003e\n\u003cli\u003eThis will consider xml-version as well. '1.0' is default\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate strnum to 2.3.0\n\u003cul\u003e\n\u003cli\u003eYou can set octal and binary parsing which is by deault off\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate fast-xml-builder to 1.2.0\n\u003cul\u003e\n\u003cli\u003ecan sanitize tag names if found invalid\u003c/li\u003e\n\u003cli\u003efix format output\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003efix minor old bugs and update builder\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ebackward compatibility for numerical external entity, fix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eupgrade \u003ccode\u003e@​nodable/entities\u003c/code\u003e and FXB\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to use entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo API change\u003c/li\u003e\n\u003cli\u003eNo change in performance for basic usage\u003c/li\u003e\n\u003cli\u003eNo typing change\u003c/li\u003e\n\u003cli\u003eNo config change\u003c/li\u003e\n\u003cli\u003enew dependency\u003c/li\u003e\n\u003cli\u003ebreaking: error messages for entities might have been changed.\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\"\u003ehttps://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eperformance improvment, increase entity expansion default limit\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eincrease default entity explansion limit as many projects demand for that\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003efast-xml-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003eNote: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eNote: Due to some last quick changes on v4, detail of v4.5.3 \u0026amp; v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion\u003c/p\u003e\n\u003cp\u003e*\u003cem\u003e5.8.0 / 2026-05-12\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eintegrate xml-naming to validate DOCTYPE entity name and notation name (using qname becaue of backward compatibility)\n\u003cul\u003e\n\u003cli\u003eThis will consider xml-version as well. '1.0' is default\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate strnum to 2.3.0\n\u003cul\u003e\n\u003cli\u003eYou can set octal and binary parsing which is bydeault off\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate fast-xml-builder to 1.2.0\n\u003cul\u003e\n\u003cli\u003ecan sanitize tag names if found invalid\u003c/li\u003e\n\u003cli\u003efix format output\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.3 / 2006-05-05\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.2 / 2026-04-25\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.1 / 2026-04-20\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix typo in CJS typing file\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.0 / 2026-04-17\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to user entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.6.0 / 2026-04-15\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: entity replacement for numeric entities\u003c/li\u003e\n\u003cli\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\n\u003cul\u003e\n\u003cli\u003ethis may change some error messages related to entities expansion limit or inavlid use\u003c/li\u003e\n\u003cli\u003epost check would be exposed in future version\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/4bcee44a034ec99706b68b16e31f4072505b13e9\"\u003e\u003ccode\u003e4bcee44\u003c/code\u003e\u003c/a\u003e for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/8a287bf2524f0a3a4c32be7edaedced3a9839ab8\"\u003e\u003ccode\u003e8a287bf\u003c/code\u003e\u003c/a\u003e release info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/50b01dcacb8fe21f986a9e7b55800bd96401fe58\"\u003e\u003ccode\u003e50b01dc\u003c/code\u003e\u003c/a\u003e Use \u0026quot;\u003ccode\u003e@​byspec/xml\u003c/code\u003e\u0026quot; for testing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/816b652c83249edc1569c523f7bc3e13b3ef929c\"\u003e\u003ccode\u003e816b652\u003c/code\u003e\u003c/a\u003e update typings to mark validator use deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/8ad0e650bcdb05001b533f27bc01f2e873d87cc5\"\u003e\u003ccode\u003e8ad0e65\u003c/code\u003e\u003c/a\u003e update fast-xml-builder and strnum\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/58e967ed7f8208e4896b607cf5a057a5659f97c6\"\u003e\u003ccode\u003e58e967e\u003c/code\u003e\u003c/a\u003e integrate xml-naming\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/42fa3c3af8e0d59e9fe213785a1b204b39338d2b\"\u003e\u003ccode\u003e42fa3c3\u003c/code\u003e\u003c/a\u003e separate XML validator, UPDATE DOCS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d6d80429b1d1f1420902e1cebac6fe7831ba0839\"\u003e\u003ccode\u003ed6d8042\u003c/code\u003e\u003c/a\u003e update to release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d2633709699520c514208ea70e31adb6d71ab0e8\"\u003e\u003ccode\u003ed263370\u003c/code\u003e\u003c/a\u003e remove dev dependency 'he'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/f9c9a2c19f819ab6fe0856ef4e94d6aa28fe1eec\"\u003e\u003ccode\u003ef9c9a2c\u003c/code\u003e\u003c/a\u003e update builder to 1.1.7\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.5.3...v5.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.2.6 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.2.6...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.9 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 9.0.5 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80fccaae984618f35dc941efab55cf2440ab37e8\"\u003e\u003ccode\u003e80fccaa\u003c/code\u003e\u003c/a\u003e 10.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/abaeb4d817cab16d3a1a78abd249d1f116bd302e\"\u003e\u003ccode\u003eabaeb4d\u003c/code\u003e\u003c/a\u003e Type Address4.addressMinusSuffix as non-nilable (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/2878c294e1216f9a0b69ad1d3c57a3790a7d5e8e\"\u003e\u003ccode\u003e2878c29\u003c/code\u003e\u003c/a\u003e Preserve subnet prefix through Address6.to4() (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/123\"\u003e#123\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/586666ee9e666464071761d7a453715f98b6caee\"\u003e\u003ccode\u003e586666e\u003c/code\u003e\u003c/a\u003e Reject trailing junk in Address6.fromURL (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/158\"\u003e#158\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/202\"\u003e#202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80bc76eddf63df38db60defd5004bea919adf7ac\"\u003e\u003ccode\u003e80bc76e\u003c/code\u003e\u003c/a\u003e Validate static factories instead of silently overflowing (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/98927be9ef0c09f8ffcaf30b297405c9eff0a520\"\u003e\u003ccode\u003e98927be\u003c/code\u003e\u003c/a\u003e Clarify isValid() accepts CIDRs with host bits set (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/81\"\u003e#81\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a0eb0732d6ac3088daa1106f4933eade41fd364a\"\u003e\u003ccode\u003ea0eb073\u003c/code\u003e\u003c/a\u003e Fix getScope() and broaden getType() classification (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/122\"\u003e#122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/ec52105c87179129b9f091e97581e87b007824c7\"\u003e\u003ccode\u003eec52105\u003c/code\u003e\u003c/a\u003e Add networkForm() for CIDR network-address strings (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/199\"\u003e#199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a9443a72215b21a1e692be75cd3e18e8aa2262cb\"\u003e\u003ccode\u003ea9443a7\u003c/code\u003e\u003c/a\u003e Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/62\"\u003e#62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/198\"\u003e#198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/f01d74267ed39f84521157e5f199edade9809f1e\"\u003e\u003ccode\u003ef01d742\u003c/code\u003e\u003c/a\u003e Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/beaugunderson/ip-address/compare/v9.0.5...v10.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate dependencies to address security advisories and keep the stack current. Notable upgrades include `express` 4.22.2 and `@storybook/react` 10.x; removes `tar` and refreshes the lockfile.\n\n- **Dependencies**\n  - Bump `express` to `^4.22.2` and `@storybook/react` to `^10.4.1`.\n  - Apply security patches: `lodash@4.18.1`, `node-forge@1.4.0`, `handlebars@4.7.9`, `fast-uri@3.1.2`, `basic-ftp@5.3.1`.\n  - Notable majors: `fast-xml-parser@5.8.0`, `ip-address@10.2.0`.\n  - Remove `tar`; regenerate `package-lock.json`.\n\n- **Migration**\n  - Storybook 6.5 → 10: run `npx storybook@latest automigrate`, verify `.storybook` config, and update addons as needed.\n  - If you use `fast-xml-parser`, review v5 option changes and re-run tests.\n  - If you use `ip-address`, check for API/typing changes and adjust callers.\n  - Confirm no code relies on `tar`; re-add or replace if needed.\n\n\u003csup\u003eWritten for commit 33a16aab2d4361571b3c957532153a172935fc3a. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/twilio-video-app-react/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump Express to ^4.22.2 and Storybook React to ^10.4.1\n\u003e Updates dependency version ranges in [package.json](https://github.com/EmilynnJ/twilio-video-app-react/pull/1/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519) as part of a grouped npm/yarn dependency bump. Express moves from `^4.17.1` to `^4.22.2` and `@storybook/react` moves from `^6.5.10` to `^10.4.1`. Risk: the major version jump in `@storybook/react` (6→10) may introduce breaking API changes in Storybook stories.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 33a16aa.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/twilio-video-app-react/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Ftwilio-video-app-react/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4554016915","node_id":"PR_kwDOP1uCKc7g7MhN","number":1,"state":"open","title":"Bump the npm_and_yarn group across 5 directories with 24 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:42:53.000Z","updated_at":"2026-05-30T09:44:00.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":24,"packages":[{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"postcss","old_version":"8.5.4","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"vite","old_version":"5.4.19","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"picomatch","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.42.0","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the /testing/fake-llm-server directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch) and [path-to-regexp](https://github.com/pillarjs/path-to-regexp).\nBumps the npm_and_yarn group with 2 updates in the /scaffold directory: [postcss](https://github.com/postcss/postcss) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 8 updates in the /packages/@dyad-sh/react-vite-component-tagger directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.4` | `8.5.15` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.19` | `6.4.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.42.0` | `4.60.4` |\n\nBumps the npm_and_yarn group with 9 updates in the /packages/@dyad-sh/nextjs-webpack-component-tagger directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.43.0` | `4.60.4` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `removed` |\n| [webpack](https://github.com/webpack/webpack) | `5.99.9` | `5.107.2` |\n\nBumps the npm_and_yarn group with 20 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.2` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.20` | `8.0.14` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `4.50.1` | `4.60.4` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.1` | `2.9.0` |\n| [@ai-sdk/provider-utils](https://github.com/vercel/ai/tree/HEAD/packages/provider-utils) | `3.0.8` | `4.0.27` |\n| [uuid](https://github.com/uuidjs/uuid) | `11.1.0` | `14.0.0` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.11` | `0.8.13` |\n| [axios](https://github.com/axios/axios) | `1.11.0` | `1.16.1` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `10.0.1` | `10.2.0` |\n| [next](https://github.com/vercel/next.js) | `15.5.2` | `16.2.6` |\n| [seroval](https://github.com/lxsmnsyc/seroval) | `1.3.2` | `1.5.4` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.5` | `0.2.7` |\n\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.3 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.3...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 6.3.4 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains \u003ccode\u003econstructor\u003c/code\u003e by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.2...4.0.3\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.2...4.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.2...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.40.0 to 4.60.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.60.4\u003c/h2\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.2\u003c/h2\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6346\"\u003e#6346\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6347\"\u003e#6347\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6348\"\u003e#6348\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6349\"\u003e#6349\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6350\"\u003e#6350\u003c/a\u003e: fix: reset variable render names between outputs in the same generate (\u003ca href=\"https://github.com/barry3406\"\u003e\u003ccode\u003e@​barry3406\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6351\"\u003e#6351\u003c/a\u003e: chore(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6352\"\u003e#6352\u003c/a\u003e: chore(deps): update cross-platform-actions/action action to v1 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6353\"\u003e#6353\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6354\"\u003e#6354\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6355\"\u003e#6355\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6356\"\u003e#6356\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6358\"\u003e#6358\u003c/a\u003e: chore: remove cross-env from devDeps (\u003ca href=\"https://github.com/K-tecchan\"\u003e\u003ccode\u003e@​K-tecchan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.1\u003c/h2\u003e\n\u003ch2\u003e4.60.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/master/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.60.3\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-04\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure nested \u0026quot;exports\u0026quot; variables are not renamed (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6360\"\u003e#6360\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6360\"\u003e#6360\u003c/a\u003e: fix: do not rename nested \u0026quot;exports\u0026quot; bindings that do not conflict (\u003ca href=\"https://github.com/tariqrafique\"\u003e\u003ccode\u003e@​tariqrafique\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6364\"\u003e#6364\u003c/a\u003e: chore(deps): update msys2/setup-msys2 digest to e989830 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6365\"\u003e#6365\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6366\"\u003e#6366\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6367\"\u003e#6367\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6368\"\u003e#6368\u003c/a\u003e: docs: add missing backticks in \u003ccode\u003eplugin-development\u003c/code\u003e (\u003ca href=\"https://github.com/lumirlumir\"\u003e\u003ccode\u003e@​lumirlumir\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d311a84b0bb4d4a6f50d19ffd2c29cca28660c88\"\u003e\u003ccode\u003ed311a84\u003c/code\u003e\u003c/a\u003e 4.60.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/6aa324854482e273b711972955d2d1b3bb445bcc\"\u003e\u003ccode\u003e6aa3248\u003c/code\u003e\u003c/a\u003e fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/82a0fe76b1372a2cf509fc4067d69f25569b83f5\"\u003e\u003ccode\u003e82a0fe7\u003c/code\u003e\u003c/a\u003e Resolve vulnerabilities (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6375\"\u003e#6375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/71f5ebc893d7ff76b5571d63b04ea2ed4a4ddd9d\"\u003e\u003ccode\u003e71f5ebc\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6371\"\u003e#6371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/af91d778cdf564dd1ae1bfd6e92604ec031824a7\"\u003e\u003ccode\u003eaf91d77\u003c/code\u003e\u003c/a\u003e chore(deps): lock file maintenance (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6373\"\u003e#6373\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/65e7b94ddda9f02334fa8f12ff6bf699c1f07833\"\u003e\u003ccode\u003e65e7b94\u003c/code\u003e\u003c/a\u003e chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6372\"\u003e#6372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/642587f3d9c5b4aa482a5027672f0fa8ea76da12\"\u003e\u003ccode\u003e642587f\u003c/code\u003e\u003c/a\u003e fix(deps): update minor/patch updates (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6370\"\u003e#6370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/b47bdabeccbb7aa1b1d4117f2f4a781a9f6de297\"\u003e\u003ccode\u003eb47bdab\u003c/code\u003e\u003c/a\u003e 4.60.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/15c5f33083c8c6b1b2cbae548124fffbba2553bb\"\u003e\u003ccode\u003e15c5f33\u003c/code\u003e\u003c/a\u003e Add again some unneeded dev dependencies, to make some builds succeed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/12195dcebbd21f0f2d91e26720cd053526edbfe3\"\u003e\u003ccode\u003e12195dc\u003c/code\u003e\u003c/a\u003e fix: do not rename nested \u0026quot;exports\u0026quot; bindings that do not conflict (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6360\"\u003e#6360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rollup/rollup/compare/v4.42.0...v4.60.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for rollup since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.4 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.3...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 5.4.19 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025......\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdates dependencies across the monorepo to the latest secure versions, including major bumps to `vite`, `next`, and `express`. Also updates the component tagger packages to `0.8.0` and removes `serialize-javascript`.\n\n- **Dependencies**\n  - Build tooling: `vite` root → `8.0.14`; scaffold/packages → `6.4.2`; `rollup` → `4.60.4`.\n  - Frameworks: `next` → `16.2.6`.\n  - Server: `express` (fake LLM server) → `4.22.2`.\n  - Security fixes: `brace-expansion`, `minimatch`, `path-to-regexp`, `picomatch`, `postcss`, `ajv`, `qs`.\n  - AI SDK: bump `@ai-sdk/*` packages to latest `3.x/4.x`.\n  - Internal: `@dyad-sh/react-vite-component-tagger` and `@dyad-sh/nextjs-webpack-component-tagger` → `0.8.0` (peer `vite` now includes `^6`); removed `serialize-javascript`.\n\n- **Migration**\n  - Use Node 18+ (required by `vite` 6/8 and `next` 16).\n  - Reinstall deps and rebuild: clean install to refresh lockfiles.\n  - Verify project build/dev with `vite` and `next` 16; review any breaking changes in configs and plugins.\n\n\u003csup\u003eWritten for commit ae1a2fd5ed0cf33c41ada69847cd0d7383bcedce. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/dyad/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump npm dependencies across 5 directories including major AI SDK and Vite upgrades\n\u003e - Updates AI SDK packages (`ai`, `@ai-sdk/*`) from v2/v3/v5 to v3/v4/v6 in [package.json](https://github.com/EmilynnJ/dyad/pull/1/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519), covering providers for OpenAI, Anthropic, Google, Azure, Bedrock, and xAI\n\u003e - Bumps `vite` from v5 to v8 in the root package, v5 to v6 in `react-vite-component-tagger`, and v6.3 to v6.4 in the scaffold\n\u003e - Updates `express` from 4.18 to 4.22 in the fake LLM test server and `postcss` to 8.5 in the scaffold\n\u003e - Risk: Multiple major version bumps (AI SDK, Vite, `uuid`, `glob`) may introduce breaking API changes\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized ae1a2fd.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/dyad/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fdyad/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4554002859","node_id":"PR_kwDOQpga1c7g7KAX","number":1,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:36:27.000Z","updated_at":"2026-05-30T09:37:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":5,"packages":[{"name":"rollup","old_version":"3.29.5","new_version":"3.30.0","repository_url":"https://github.com/rollup/rollup"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [rollup](https://github.com/rollup/rollup) | `3.29.5` | `3.30.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `rollup` from 3.29.5 to 3.30.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.30.0\u003c/h2\u003e\n\u003ch2\u003e3.30.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6276\"\u003e#6276\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v3.30.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.30.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6276\"\u003e#6276\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d91d5e11becc2f16d3a493231fb5bf48f74758a9\"\u003e\u003ccode\u003ed91d5e1\u003c/code\u003e\u003c/a\u003e 3.30.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/967740910dc90f3c928c91642f2b80c1ed40d60b\"\u003e\u003ccode\u003e9677409\u003c/code\u003e\u003c/a\u003e Update release script for backports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e\"\u003e\u003ccode\u003ec8cf1f9\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v3.29.5...v3.30.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 4.1.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/cc482e775913e6625137572a3712d2826170e53a\"\u003e\u003ccode\u003ecc482e7\u003c/code\u003e\u003c/a\u003e 4.1.1 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/50968b862e75866ef90e626572fe0b2f97b55f9f\"\u003e\u003ccode\u003e50968b8\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/d092d866031751cb27c12d93f3e2470ad74d678b\"\u003e\u003ccode\u003ed092d86\u003c/code\u003e\u003c/a\u003e lint fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879\"\u003e\u003ccode\u003e383665f\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/0d3ca7a27b03a6c974790a30a89e456007d62976\"\u003e\u003ccode\u003e0d3ca7a\u003c/code\u003e\u003c/a\u003e README.md: HTTP =\u0026gt; HTTPS (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/49baadd52af887d2991e2c39a6639baa56d6c71b\"\u003e\u003ccode\u003e49baadd\u003c/code\u003e\u003c/a\u003e doc: 'empty' style option for !!null\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/ba3460eb9d3e4478edcbc29edabe17c2157fc9ce\"\u003e\u003ccode\u003eba3460e\u003c/code\u003e\u003c/a\u003e Fix demo link (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/618\"\u003e#618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/EmilynnJ/janus-gateway/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate `rollup`, `flatted`, `js-yaml`, `minimatch`, and `picomatch` to pick up security fixes and improve build safety with Rollup’s new output-path check.\n\n- **Dependencies**\n  - `rollup`: 3.29.5 → 3.30.0 — validates bundle paths stay within the output dir.\n  - `js-yaml`: 4.1.0 → 4.1.1 — fixes prototype pollution.\n  - `picomatch`: 2.3.1 → 2.3.2 — security fixes.\n  - `minimatch`: 3.1.2 → 3.1.5 — fixes globstar matching and improves perf.\n  - `flatted`: 3.3.1 → 3.4.2 — maintenance/security hardening.\n\n- **Migration**\n  - Check build configs and output paths; Rollup now throws if outputs escape the configured directory.\n\n\u003csup\u003eWritten for commit 9af2d3447b58d53721e5d4cde27ef3bfbc8a0090. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/janus-gateway/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump 5 npm dependencies in package-lock.json\n\u003e Updates 5 packages in [package-lock.json](https://github.com/EmilynnJ/janus-gateway/pull/1/files#diff-053150b640a7ce75eff69d1a22cae7f0f94ad64ce9a855db544dda0929316519) as part of a routine dependency bump.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 9af2d34.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/janus-gateway/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fjanus-gateway/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4554002818","node_id":"PR_kwDORoC1887g7J_6","number":1,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:36:27.000Z","updated_at":"2026-05-30T09:37:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"@modelcontextprotocol/sdk","old_version":"1.25.3","new_version":"1.26.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"uuid","old_version":"13.0.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"@hono/node-server","old_version":"1.19.9","new_version":"1.19.14","repository_url":"https://github.com/honojs/node-server"},{"name":"@isaacs/brace-expansion","old_version":"5.0.0","new_version":"5.0.1"},{"name":"tar","old_version":"7.5.7","new_version":"7.5.15","repository_url":"https://github.com/isaacs/node-tar"},{"name":"ajv","old_version":"8.17.1","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"hono","old_version":"4.11.7","new_version":"4.12.23","repository_url":"https://github.com/honojs/hono"},{"name":"minimatch","old_version":"10.1.1","new_version":"10.2.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"protobufjs","old_version":"7.5.4","new_version":"7.6.1","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"qs","old_version":"6.14.1","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"vite","old_version":"7.3.1","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 15 updates in the /gitnexus directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.25.3` | `1.26.0` |\n| [uuid](https://github.com/uuidjs/uuid) | `13.0.0` | `14.0.0` |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` |\n| @isaacs/brace-expansion | `5.0.0` | `5.0.1` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.7` | `7.5.15` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.20.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [hono](https://github.com/honojs/hono) | `4.11.7` | `4.12.23` |\n| [minimatch](https://github.com/isaacs/minimatch) | `10.1.1` | `10.2.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.6.1` |\n| [qs](https://github.com/ljharb/qs) | `6.14.1` | `6.15.2` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.3` |\n\nBumps the npm_and_yarn group with 12 updates in the /gitnexus-web directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [uuid](https://github.com/uuidjs/uuid) | `13.0.0` | `14.0.0` |\n| @isaacs/brace-expansion | `5.0.0` | `5.0.1` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.3` | `7.5.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `10.1.1` | `10.2.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.6.1` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.21` | `8.0.14` |\n| [axios](https://github.com/axios/axios) | `1.13.2` | `1.16.0` |\n| [mermaid](https://github.com/mermaid-js/mermaid) | `11.12.2` | `11.15.0` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.4.7` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.4.7` | `0.7.3` |\n\n\nUpdates `@modelcontextprotocol/sdk` from 1.25.3 to 1.26.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.26.0\u003c/h2\u003e\n\u003cp\u003eAddresses \u0026quot;Sharing server/transport instances can leak cross-client response data\u0026quot; in this GHSA \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: bump v1.25.3 for backport fixes by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1412\"\u003emodelcontextprotocol/typescript-sdk#1412\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by \u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) by \u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.26.0 by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1479\"\u003emodelcontextprotocol/typescript-sdk#1479\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/fe9c07b465871394c7069207c86513df9c1194a4\"\u003e\u003ccode\u003efe9c07b\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.26.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/4f01e7e0708e1a85ccc7dbf39e850005f2d9ff03\"\u003e\u003ccode\u003e4f01e7e\u003c/code\u003e\u003c/a\u003e fix: add non-null assertions for optional setupServer fields in stateful test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a05be176cabeae1f933b676e3ce024bf02e2314d\"\u003e\u003ccode\u003ea05be17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/50d9fa3cd12e807e7963bcb9e1548786d3d5d941\"\u003e\u003ccode\u003e50d9fa3\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1442\"\u003e#1442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/aa81a66556fb4434d8a6d1b70f7ac9fc40b5d325\"\u003e\u003ccode\u003eaa81a66\u003c/code\u003e\u003c/a\u003e fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6aba0659654e1ff0699844524595922a61e44cb9\"\u003e\u003ccode\u003e6aba065\u003c/code\u003e\u003c/a\u003e chore: bump v1.25.3 for backport fixes (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1412\"\u003e#1412\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@hono/node-server` from 1.19.9 to 1.19.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e@​hono/node-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/340\"\u003ehonojs/node-server#340\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/309\"\u003ehonojs/node-server#309\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.10\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (\u003ccode\u003e%2F\u003c/code\u003e handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-wc8c-qw6v-h7f6 for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/b5e63a366d9b0ef62ac65fcafd7f69b383b03ff5\"\u003e\u003ccode\u003eb5e63a3\u003c/code\u003e\u003c/a\u003e 1.19.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c02d7770a2d29ea473403211bef0a60639885a28\"\u003e\u003ccode\u003ec02d777\u003c/code\u003e\u003c/a\u003e fix: add custom inspect to lightweight Request/Response to prevent TypeError ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90\"\u003e\u003ccode\u003efd64e65\u003c/code\u003e\u003c/a\u003e 1.19.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2\"\u003e\u003ccode\u003e025c30f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9\"\u003e\u003ccode\u003e6cdb5a7\u003c/code\u003e\u003c/a\u003e 1.19.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94\"\u003e\u003ccode\u003e70250f7\u003c/code\u003e\u003c/a\u003e fix: request draining for early 413 responses (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb\"\u003e\u003ccode\u003ecfc08b3\u003c/code\u003e\u003c/a\u003e chore: ignore claude setting (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/ecd4d6be55117005acfd60a22d90c4818618507b\"\u003e\u003ccode\u003eecd4d6b\u003c/code\u003e\u003c/a\u003e 1.19.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c94489955ebd855630b703022837f7fe5f925111\"\u003e\u003ccode\u003ec944899\u003c/code\u003e\u003c/a\u003e fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/2f8ca3665f5257305603783ec9999bd1a9bec0f2\"\u003e\u003ccode\u003e2f8ca36\u003c/code\u003e\u003c/a\u003e 1.19.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.9...v1.19.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@isaacs/brace-expansion` from 5.0.0 to 5.0.1\n\nUpdates `tar` from 7.5.7 to 7.5.15\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/87cc309f13c21d598b0b833235d387a252455058\"\u003e\u003ccode\u003e87cc309\u003c/code\u003e\u003c/a\u003e 7.5.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7aef486f0d21c10fd7790b16b1b28f04648cf334\"\u003e\u003ccode\u003e7aef486\u003c/code\u003e\u003c/a\u003e fix: regression in pending links detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6244eb33846bbd407443f5d0e339bd8c91663cd6\"\u003e\u003ccode\u003e6244eb3\u003c/code\u003e\u003c/a\u003e 7.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/9704d8c6f639573775133cbbd541aba83cb46c9c\"\u003e\u003ccode\u003e9704d8c\u003c/code\u003e\u003c/a\u003e stricter protection against hardlinks preempting their targets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/700734f9aeb113bcc5f1400d81b8be7d499e54a2\"\u003e\u003ccode\u003e700734f\u003c/code\u003e\u003c/a\u003e update workflows and deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/d6611ae951056addb77c6e11baf7bcc9d7648e46\"\u003e\u003ccode\u003ed6611ae\u003c/code\u003e\u003c/a\u003e 7.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/119c401f4f7efbeb112d28f9dfc9c489674c9a79\"\u003e\u003ccode\u003e119c401\u003c/code\u003e\u003c/a\u003e fix(extract): prevent raced symlink writes outside cwd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2a294d3fbb24c18dc80f31059f49dd9af15653fe\"\u003e\u003ccode\u003e2a294d3\u003c/code\u003e\u003c/a\u003e 7.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/01082a42c3256ca6054f9627911cce4dbfe00d92\"\u003e\u003ccode\u003e01082a4\u003c/code\u003e\u003c/a\u003e fix: reject top promise on floating addFilesAsync rejections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/dd1c36ab7acff26e5a34935d17f27a45bb088db3\"\u003e\u003ccode\u003edd1c36a\u003c/code\u003e\u003c/a\u003e linting\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v7.5.7...v7.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.11.7 to 4.12.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(serve-static): normalize all backslashes in file paths, not just the first in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4962\"\u003ehonojs/hono#4962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(context): export the Context class publicly by \u003ca href=\"https://github.com/BlankParticle\"\u003e\u003ccode\u003e@​BlankParticle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4543\"\u003ehonojs/hono#4543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(contribution): add AI Usage Policy by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4970\"\u003ehonojs/hono#4970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(compress): add contentTypeFilter option and \u003ccode\u003eCOMPRESSIBLE_CONTENT_TYPE_REGEX\u003c/code\u003e re-export by \u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4961\"\u003ehonojs/hono#4961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(utils/ipaddr): do not compress a single 0 group to \u003ccode\u003e::\u003c/code\u003e by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4971\"\u003ehonojs/hono#4971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.22...v4.12.23\"\u003ehttps://github.com/honojs/hono/compare/v4.12.22...v4.12.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: update vitest to v4 and cleanups by \u003ca href=\"https://github.com/BlankParticle\"\u003e\u003ccode\u003e@​BlankParticle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4952\"\u003ehonojs/hono#4952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mime): specify charset parameter per MIME type instead of mechanical detection by \u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(compress): respect Accept-Encoding when encoding option is set by \u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deno): echo negotiated WebSocket subprotocol in upgrade response by \u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add msgpack as a compressible content type by \u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.21...v4.12.22\"\u003ehttps://github.com/honojs/hono/compare/v4.12.21...v4.12.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.21\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eapp.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003eapp.mount()\u003c/code\u003e. Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3\u003c/p\u003e\n\u003ch3\u003eIP Restriction bypasses static deny rules for non-canonical IPv6\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/ip-restriction\u003c/code\u003e. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5\u003c/p\u003e\n\u003ch3\u003eCookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes missing validation of \u003ccode\u003esameSite\u003c/code\u003e and \u003ccode\u003epriority\u003c/code\u003e options against injection characters (\u003ccode\u003e;\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x\u003c/p\u003e\n\u003ch3\u003eJWT middleware accepts any Authorization scheme, not only Bearer\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/jwt\u003c/code\u003e, \u003ccode\u003ehono/jwk\u003c/code\u003e. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use \u003ccode\u003eapp.mount()\u003c/code\u003e, \u003ccode\u003ehono/ip-restriction\u003c/code\u003e, \u003ccode\u003ehono/cookie\u003c/code\u003e, or \u003ccode\u003ehono/jwt\u003c/code\u003e/\u003ccode\u003ehono/jwk\u003c/code\u003e are encouraged to upgrade to this version.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/83bfb3bb4a12c1d92c163a39e907df5d662ff78d\"\u003e\u003ccode\u003e83bfb3b\u003c/code\u003e\u003c/a\u003e 4.12.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/bcd290a64c0b392fd06d2bd1f256c5dc9835e4a4\"\u003e\u003ccode\u003ebcd290a\u003c/code\u003e\u003c/a\u003e fix(utils/ipaddr): do not compress a single 0 group to \u003ccode\u003e::\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4971\"\u003e#4971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c968177d9c11ddc7c7cca57c384497f11a6d60ae\"\u003e\u003ccode\u003ec968177\u003c/code\u003e\u003c/a\u003e feat(compress): add contentTypeFilter option and `COMPRESSIBLE_CONTENT_TYPE_R...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/0265a5453a7c272417eaa22b93d3fb319d2188ed\"\u003e\u003ccode\u003e0265a54\u003c/code\u003e\u003c/a\u003e docs(contribution): add AI Usage Policy (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c84c5d2d46ca6a78c316529491d42ab7bb956368\"\u003e\u003ccode\u003ec84c5d2\u003c/code\u003e\u003c/a\u003e feat(context): export the Context class publicly (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4543\"\u003e#4543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/82dad6297c90c33c41bf48b4530509a21588ad06\"\u003e\u003ccode\u003e82dad62\u003c/code\u003e\u003c/a\u003e fix(serve-static): normalize all backslashes in file paths, not just the firs...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/2f01b774b168911d24e4864fb66054f5de9d9a4e\"\u003e\u003ccode\u003e2f01b77\u003c/code\u003e\u003c/a\u003e 4.12.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/6bc0dff277684ee50ace6dc87a7ad73a9c131c99\"\u003e\u003ccode\u003e6bc0dff\u003c/code\u003e\u003c/a\u003e feat: add msgpack as a compressible content type (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4957\"\u003e#4957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/7e0555d14c72d4204347ac9afaae32ba5c013ab9\"\u003e\u003ccode\u003e7e0555d\u003c/code\u003e\u003c/a\u003e fix(deno): echo negotiated WebSocket subprotocol in upgrade response (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4955\"\u003e#4955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f0ed2465913f2a89ebdf65cc54d6254915fc3ff6\"\u003e\u003ccode\u003ef0ed246\u003c/code\u003e\u003c/a\u003e fix(compress): respect Accept-Encoding when encoding option is set (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4951\"\u003e#4951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.11.7...v4.12.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 10.1.1 to 10.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/minimatch/blob/main/changelog.md\"\u003eminimatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003echange log\u003c/h1\u003e\n\u003ch2\u003e10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ebraceExpandMax\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003emagicalBraces\u003c/code\u003e option for \u003ccode\u003eescape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when \u003ccode\u003epartial: true\u003c/code\u003e is set.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when pattern ends in a final \u003ccode\u003e**\u003c/code\u003e path part.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire node 20 or 22 and higher\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo default export, only named exports.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRecursive descent parser for extglob, allowing correct support\nfor arbitrarily nested extglob expressions\u003c/li\u003e\n\u003cli\u003eBump required Node.js version\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eunescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eMinimatch.hasMagic()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for posix character classes in a unicode-aware way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ewindowsNoMagicRoot\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eoptimizationLevel\u003c/code\u003e configuration option, and revert the\ndefault back to the 6.2 style minimal optimizations, making the\nadvanced transforms introduced in 7.0 opt-in. Also, process\nprovided file paths in the same way in optimizationLevel:2\nmode, so \u003cem\u003emost\u003c/em\u003e things that matched with optimizationLevel 1 or\n0 \u003cem\u003eshould\u003c/em\u003e match with level 2 as well. However, level 1 is the\ndefault, out of an abundance of caution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/693c82377d0948401be4c6d3220c9a74132ab112\"\u003e\u003ccode\u003e693c823\u003c/code\u003e\u003c/a\u003e 10.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7953af1fac53267c05e362f036b70de898318faa\"\u003e\u003ccode\u003e7953af1\u003c/code\u003e\u003c/a\u003e do not allow .. to consume drive letter on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1caf91893b67586255c68e2e513b14ac66785a24\"\u003e\u003ccode\u003e1caf918\u003c/code\u003e\u003c/a\u003e lint and format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7783ed6670442acb4d455b9b164a1b2a33507a45\"\u003e\u003ccode\u003e7783ed6\u003c/code\u003e\u003c/a\u003e ignore docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/6d9b356cd59372de00e1d5f3b8907a3350b9b8e5\"\u003e\u003ccode\u003e6d9b356\u003c/code\u003e\u003c/a\u003e update deps etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/c36addb94e33f14254b9ca9017e63ae9c9d80d1d\"\u003e\u003ccode\u003ec36addb\u003c/code\u003e\u003c/a\u003e 10.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26b90027d5ad0c383b5253a4e45d6dc7da282db4\"\u003e\u003ccode\u003e26b9002\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/3a0d83b6f03a17ebc15361c2faa7110777042aab\"\u003e\u003ccode\u003e3a0d83b\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ea94840326c3f40522f1b544bd2303024b0eec35\"\u003e\u003ccode\u003eea94840\u003c/code\u003e\u003c/a\u003e 10.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0873fbabc00a86e09f4469386059a71abb136c93\"\u003e\u003ccode\u003e0873fba\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v10.1.1...v10.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.3.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.6.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1\"\u003e7.6.1\u003c/a\u003e (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e8a45c13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479df...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade dependencies in `gitnexus` and `gitnexus-web` to pick up security fixes and performance improvements, notably `uuid` v14 and `vite` v8. This raises the minimum Node version to 20+.\n\n- **Dependencies**\n  - `uuid` → 14.0.0 (Node 20+; includes bounds check fix GHSA-w5hq-g745-h8pq)\n  - `vite` (web) → 8.x for faster builds and latest plugin APIs\n  - `@modelcontextprotocol/sdk` → 1.26.0 (fixes cross-client response leak GHSA-345p-7cg4-v4c7)\n  - `@hono/node-server` and `hono` updated with security fixes for static serving, cookies/JWT, and IP restriction\n  - Security patches: `fast-uri`, `path-to-regexp`, `picomatch`, `postcss`\n  - Routine bumps: `axios`, `mermaid`, `protobufjs`, `qs`, `tar`, `minimatch`, and more\n\n- **Migration**\n  - Ensure CI and runtime use Node 20+.\n  - Clean install and rebuild: rm locks/node_modules, then install.\n  - For `gitnexus-web`: verify `vite` v8 dev/production builds and plugin compatibility.\n  - Run a quick smoke test of auth, static assets, and API routes.\n\n\u003csup\u003eWritten for commit 76d69570b3622e25220e2771c251a382b6e3bd1a. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/GitNexus/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump npm dependencies including vite, uuid, axios, and mermaid across 2 directories\n\u003e - Updates `gitnexus-web` dependencies: `axios` ^1.13.2→^1.16.0, `mermaid` ^11.12.2→^11.15.0, `uuid` ^13.0.0→^14.0.0, `vite` ^5.2.0→^8.0.14\n\u003e - Updates `gitnexus` dependency: `uuid` ^13.0.0→^14.0.0\n\u003e - Risk: `vite` jumps from v5 to v8 and `uuid` moves to v14, both major version bumps that may include breaking changes\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 76d6957.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/GitNexus/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2FGitNexus/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4554001511","node_id":"PR_kwDOQ3fS3M7g7JxM","number":2,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 6 directories with 11 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:35:50.000Z","updated_at":"2026-05-30T09:40:11.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":11,"packages":[{"name":"ansi-regex","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/chalk/ansi-regex"},{"name":"ansi-regex","old_version":"5.0.0","new_version":"5.0.1","repository_url":"https://github.com/chalk/ansi-regex"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.0","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"send","old_version":"0.17.1","new_version":"0.19.2","repository_url":"https://github.com/pillarjs/send"},{"name":"serve-static","old_version":"1.14.1","new_version":"1.16.3","repository_url":"https://github.com/expressjs/serve-static"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ansi-regex](https://github.com/chalk/ansi-regex) | `4.1.0` | `4.1.1` |\n| [ansi-regex](https://github.com/chalk/ansi-regex) | `5.0.0` | `5.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.0` | `2.3.2` |\n| [send](https://github.com/pillarjs/send) | `0.17.1` | `0.19.2` |\n| [serve-static](https://github.com/expressjs/serve-static) | `1.14.1` | `1.16.3` |\n\nBumps the npm_and_yarn group with 5 updates in the /11-integrating-with-function-calling/typescript/function-app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [axios](https://github.com/axios/axios) | `1.12.0` | `1.16.0` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n\nBumps the npm_and_yarn group with 4 updates in the /09-building-image-applications/typescript/image-generation-app directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch), [picomatch](https://github.com/micromatch/picomatch) and [@tootallnate/once](https://github.com/TooTallNate/once).\nBumps the npm_and_yarn group with 4 updates in the /08-building-search-applications/typescript/search-app directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch), [picomatch](https://github.com/micromatch/picomatch) and [@tootallnate/once](https://github.com/TooTallNate/once).\nBumps the npm_and_yarn group with 4 updates in the /07-building-chat-applications/typescript/chat-completions-app directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch), [picomatch](https://github.com/micromatch/picomatch) and [@tootallnate/once](https://github.com/TooTallNate/once).\nBumps the npm_and_yarn group with 4 updates in the /06-text-generation-apps/typescript/recipe-app directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch), [picomatch](https://github.com/micromatch/picomatch) and [qs](https://github.com/ljharb/qs).\n\nUpdates `ansi-regex` from 4.1.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chalk/ansi-regex/commit/64735d25eb839b55bc9fae3877edb702b4c92ca2\"\u003e\u003ccode\u003e64735d2\u003c/code\u003e\u003c/a\u003e v4.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a\"\u003e\u003ccode\u003e75a657d\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS (\u003ca href=\"https://redirect.github.com/chalk/ansi-regex/issues/37\"\u003e#37\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ansi-regex` from 5.0.0 to 5.0.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chalk/ansi-regex/commit/64735d25eb839b55bc9fae3877edb702b4c92ca2\"\u003e\u003ccode\u003e64735d2\u003c/code\u003e\u003c/a\u003e v4.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a\"\u003e\u003ccode\u003e75a657d\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS (\u003ca href=\"https://redirect.github.com/chalk/ansi-regex/issues/37\"\u003e#37\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.0 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes bug when a pattern containing an expression after the closing parenthesis (\u003ccode\u003e/!(*.d).{ts,tsx}\u003c/code\u003e) was incorrectly converted to regexp (\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241ef\"\u003e9f241ef\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSome documentation improvements (\u003ca href=\"https://github.com/micromatch/picomatch/commit/f81d236\"\u003ef81d236\u003c/a\u003e, \u003ca href=\"https://github.com/micromatch/picomatch/commit/421e0e7\"\u003e421e0e7\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5467a5a9638472610de4f30709991b9a56bb5613\"\u003e\u003ccode\u003e5467a5a\u003c/code\u003e\u003c/a\u003e 2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241efedc15a21bcec1edafd43ee773ceb4bc35\"\u003e\u003ccode\u003e9f241ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/102\"\u003e#102\u003c/a\u003e from micromatch/ISSUE-93_incorrect_extglob_expanding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac3cb660ca76764627aa825676df59378dd60bcd\"\u003e\u003ccode\u003eac3cb66\u003c/code\u003e\u003c/a\u003e fix: support stars in negation extglobs with expression after closing parenth...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/719d348d8a01cf23c6c10568191c1ad5a3fc33e3\"\u003e\u003ccode\u003e719d348\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/85\"\u003e#85\u003c/a\u003e from XhmikosR/codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac74e57b38a0d16de8e1752a62003e49c1622cec\"\u003e\u003ccode\u003eac74e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/91\"\u003e#91\u003c/a\u003e from XhmikosR/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.0...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `send` from 0.17.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/send/releases\"\u003esend's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeps: use tilde notation and update certain dependencies by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pillarjs/send/pull/279\"\u003epillarjs/send#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 0.19.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pillarjs/send/pull/280\"\u003epillarjs/send#280\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/send/compare/0.19.1...0.19.2\"\u003ehttps://github.com/pillarjs/send/compare/0.19.1...0.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(deps): encodeurl@~2.0.0 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pillarjs/send/pull/240\"\u003epillarjs/send#240\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/send/compare/0.19.0...0.19.1\"\u003ehttps://github.com/pillarjs/send/compare/0.19.0...0.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting (\u003ca href=\"https://redirect.github.com/pillarjs/send/pull/235\"\u003epillarjs/send#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pillarjs/send/pull/235\"\u003epillarjs/send#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/send/compare/0.18.0...0.19.0\"\u003ehttps://github.com/pillarjs/send/compare/0.18.0...0.19.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/send/blob/master/HISTORY.md\"\u003esend's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.19.2 / 2025-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: http-errors@~2.0.1\u003c/li\u003e\n\u003cli\u003edeps: statuses@~2.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.19.1 / 2024-10-09\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.19.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.18.0 / 2022-03-23\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix emitted 416 error missing headers property\u003c/li\u003e\n\u003cli\u003eLimit the headers removed for 304 response\u003c/li\u003e\n\u003cli\u003edeps: depd@2.0.0\n\u003cul\u003e\n\u003cli\u003eReplace internal \u003ccode\u003eeval\u003c/code\u003e usage with \u003ccode\u003eFunction\u003c/code\u003e constructor\u003c/li\u003e\n\u003cli\u003eUse instance methods on \u003ccode\u003eprocess\u003c/code\u003e to check for listeners\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: destroy@1.2.0\u003c/li\u003e\n\u003cli\u003edeps: http-errors@2.0.0\n\u003cul\u003e\n\u003cli\u003edeps: depd@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: statuses@2.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: on-finished@2.4.1\u003c/li\u003e\n\u003cli\u003edeps: statuses@2.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.17.2 / 2021-12-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003epref: ignore empty http tokens\u003c/li\u003e\n\u003cli\u003edeps: http-errors@1.8.1\n\u003cul\u003e\n\u003cli\u003edeps: inherits@2.0.4\u003c/li\u003e\n\u003cli\u003edeps: toidentifier@1.0.1\u003c/li\u003e\n\u003cli\u003edeps: setprototypeof@1.2.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: ms@2.1.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/34ba03b7579d31c8bb6d5a3ead573da1a7a118e7\"\u003e\u003ccode\u003e34ba03b\u003c/code\u003e\u003c/a\u003e 0.19.2 (\u003ca href=\"https://redirect.github.com/pillarjs/send/issues/280\"\u003e#280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/e53e4e51b98e62955c9e302e77585a85f45a9c8b\"\u003e\u003ccode\u003ee53e4e5\u003c/code\u003e\u003c/a\u003e deps: use tilde notation and update certain dependencies (\u003ca href=\"https://redirect.github.com/pillarjs/send/issues/279\"\u003e#279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/19efaa39b98ff3ea26a90a484b9fd11efe0b37cd\"\u003e\u003ccode\u003e19efaa3\u003c/code\u003e\u003c/a\u003e 0.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/0a9fa80d8b49643066a6f7b5b4cb891b8e44cc05\"\u003e\u003ccode\u003e0a9fa80\u003c/code\u003e\u003c/a\u003e fix(deps): encodeurl@~2.0.0 (\u003ca href=\"https://redirect.github.com/pillarjs/send/issues/240\"\u003e#240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/9d2db99518b366d20783fe1c08a1b9bd418929ce\"\u003e\u003ccode\u003e9d2db99\u003c/code\u003e\u003c/a\u003e 0.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35\"\u003e\u003ccode\u003eae4f298\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/b69cbb3dc4c09c37917d08a4c13fcd1bac97ade5\"\u003e\u003ccode\u003eb69cbb3\u003c/code\u003e\u003c/a\u003e 0.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/f53edbb7f4f7ebdd936d3d714d84d52f2d3d00f3\"\u003e\u003ccode\u003ef53edbb\u003c/code\u003e\u003c/a\u003e Limit the headers removed for 304 response\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/706d6ddf0d3c8a9248fc1edbc3ff60bbc6ad7b93\"\u003e\u003ccode\u003e706d6dd\u003c/code\u003e\u003c/a\u003e docs: add security policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/b690ba4bd149d20fa6687ee6298fb6aede5b21d7\"\u003e\u003ccode\u003eb690ba4\u003c/code\u003e\u003c/a\u003e docs: fix linux build badge link\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/send/compare/0.17.1...0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for send since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `serve-static` from 1.14.1 to 1.16.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/serve-static/releases\"\u003eserve-static's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@~0.19.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/227\"\u003eexpressjs/serve-static#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.16.3 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/229\"\u003eexpressjs/serve-static#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.16.2...v1.16.3\"\u003ehttps://github.com/expressjs/serve-static/compare/v1.16.2...v1.16.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eencodeurl@~2.0.0 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/180\"\u003eexpressjs/serve-static#180\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.16.1...v1.16.2\"\u003ehttps://github.com/expressjs/serve-static/compare/v1.16.1...v1.16.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebump send to 0.19 by \u003ca href=\"https://github.com/tommasini\"\u003e\u003ccode\u003e@​tommasini\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/176\"\u003eexpressjs/serve-static#176\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tommasini\"\u003e\u003ccode\u003e@​tommasini\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/176\"\u003eexpressjs/serve-static#176\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/1.16.0...v1.16.1\"\u003ehttps://github.com/expressjs/serve-static/compare/1.16.0...v1.16.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.16.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting (\u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/173\"\u003eexpressjs/serve-static#173\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/173\"\u003eexpressjs/serve-static#173\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0\"\u003ehttps://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.15.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.18.0\n\u003cul\u003e\n\u003cli\u003eFix emitted 416 error missing headers property\u003c/li\u003e\n\u003cli\u003eLimit the headers removed for 304 response\u003c/li\u003e\n\u003cli\u003edeps: depd@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: destroy@1.2.0\u003c/li\u003e\n\u003cli\u003edeps: http-errors@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: on-finished@2.4.1\u003c/li\u003e\n\u003cli\u003edeps: statuses@2.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.14.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.17.2\n\u003cul\u003e\n\u003cli\u003edeps: http-errors@1.8.1\u003c/li\u003e\n\u003cli\u003edeps: ms@2.1.3\u003c/li\u003e\n\u003cli\u003epref: ignore empty http tokens\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/serve-static/blob/master/HISTORY.md\"\u003eserve-static's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.16.3 / 2024-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@~0.19.1\n\u003cul\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.16.2 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.16.1 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.16.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.15.0 / 2022-03-24\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.18.0\n\u003cul\u003e\n\u003cli\u003eFix emitted 416 error missing headers property\u003c/li\u003e\n\u003cli\u003eLimit the headers removed for 304 response\u003c/li\u003e\n\u003cli\u003edeps: depd@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: destroy@1.2.0\u003c/li\u003e\n\u003cli\u003edeps: http-errors@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: on-finished@2.4.1\u003c/li\u003e\n\u003cli\u003edeps: statuses@2.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.14.2 / 2021-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.17.2\n\u003cul\u003e\n\u003cli\u003edeps: http-errors@1.8.1\u003c/li\u003e\n\u003cli\u003edeps: ms@2.1.3\u003c/li\u003e\n\u003cli\u003epref: ignore empty http tokens\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/9acad22498aa5f95b6e887eae1ab9eae63657d8a\"\u003e\u003ccode\u003e9acad22\u003c/code\u003e\u003c/a\u003e 1.16.3 (\u003ca href=\"https://redirect.github.com/expressjs/serve-static/issues/229\"\u003e#229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/52dc97d9d3a0269266d005b79eeac295d0a5a895\"\u003e\u003ccode\u003e52dc97d\u003c/code\u003e\u003c/a\u003e deps: send@~0.19.1 and upgrade Node.js versions on the CI  (\u003ca href=\"https://redirect.github.com/expressjs/serve-static/issues/227\"\u003e#227\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/ec9c5ecfb09368519e4698ffbbe1882de00d0ef2\"\u003e\u003ccode\u003eec9c5ec\u003c/code\u003e\u003c/a\u003e 1.16.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/f454d37c68fdad04b582cb9ac0cd165ab6d19114\"\u003e\u003ccode\u003ef454d37\u003c/code\u003e\u003c/a\u003e fix(deps): encodeurl@~2.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/77a8255688cc4affc70e6dc9aa02e3ced4957e77\"\u003e\u003ccode\u003e77a8255\u003c/code\u003e\u003c/a\u003e 1.16.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/4263f496876980c165a3104d087c1ebaa046ad3d\"\u003e\u003ccode\u003e4263f49\u003c/code\u003e\u003c/a\u003e fix(deps): send@0.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/48c73970b129b96cba448e792576ad89b1f9fbed\"\u003e\u003ccode\u003e48c7397\u003c/code\u003e\u003c/a\u003e 1.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b\"\u003e\u003ccode\u003e0c11fad\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/9b5a12a76f4d70530d2d2a8c7742e9158ed3c0a4\"\u003e\u003ccode\u003e9b5a12a\u003c/code\u003e\u003c/a\u003e 1.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/a39a0df51aa31f22b4947ade34fd90b14c7be1ea\"\u003e\u003ccode\u003ea39a0df\u003c/code\u003e\u003c/a\u003e docs: update CI link\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.14.1...v1.16.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for serve-static since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `serve-static` from 1.14.1 to 1.16.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/serve-static/releases\"\u003eserve-static's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@~0.19.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/227\"\u003eexpressjs/serve-static#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.16.3 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/229\"\u003eexpressjs/serve-static#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.16.2...v1.16.3\"\u003ehttps://github.com/expressjs/serve-static/compare/v1.16.2...v1.16.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eencodeurl@~2.0.0 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/180\"\u003eexpressjs/serve-static#180\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.16.1...v1.16.2\"\u003ehttps://github.com/expressjs/serve-static/compare/v1.16.1...v1.16.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebump send to 0.19 by \u003ca href=\"https://github.com/tommasini\"\u003e\u003ccode\u003e@​tommasini\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/176\"\u003eexpressjs/serve-static#176\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tommasini\"\u003e\u003ccode\u003e@​tommasini\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/176\"\u003eexpressjs/serve-static#176\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/1.16.0...v1.16.1\"\u003ehttps://github.com/expressjs/serve-static/compare/1.16.0...v1.16.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.16.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting (\u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/173\"\u003eexpressjs/serve-static#173\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/173\"\u003eexpressjs/serve-static#173\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0\"\u003ehttps://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.15.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.18.0\n\u003cul\u003e\n\u003cli\u003eFix emitted 416 error missing headers property\u003c/li\u003e\n\u003cli\u003eLimit the headers removed for 304 response\u003c/li\u003e\n\u003cli\u003edeps: depd@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: destroy@1.2.0\u003c/li\u003e\n\u003cli\u003edeps: http-errors@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: on-finished@2.4.1\u003c/li\u003e\n\u003cli\u003edeps: statuses@2.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.14.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.17.2\n\u003cul\u003e\n\u003cli\u003edeps: http-errors@1.8.1\u003c/li\u003e\n\u003cli\u003edeps: ms@2.1.3\u003c/li\u003e\n\u003cli\u003epref: ignore empty http tokens\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/serve-static/blob/master/HISTORY.md\"\u003eserve-static's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.16.3 / 2024-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@~0.19.1\n\u003cul\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.16.2 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.16.1 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.16.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.15.0 / 2022-03-24\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.18.0\n\u003cul\u003e\n\u003cli\u003eFix emitted 416 error missing headers property\u003c/li\u003e\n\u003cli\u003eLimit the headers removed for 304 response\u003c/li\u003e\n\u003cli\u003edeps: depd@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: destroy@1.2.0\u003c/li\u003e\n\u003cli\u003edeps: http-errors@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: on-finished@2.4.1\u003c/li\u003e\n\u003cli\u003edeps: statuses@2.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.14.2 / 2021-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.17.2\n\u003cul\u003e\n\u003cli\u003edeps: http-errors@1.8.1\u003c/li\u003e\n\u003cli\u003edeps: ms@2.1.3\u003c/li\u003e\n\u003cli\u003epref: ignore empty http tokens\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/9acad22498aa5f95b6e887eae1ab9eae63657d8a\"\u003e\u003ccode\u003e9acad22\u003c/code\u003e\u003c/a\u003e 1.16.3 (\u003ca href=\"https://redirect.github.com/expressjs/serve-static/issues/229\"\u003e#229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/52dc97d9d3a0269266d005b79eeac295d0a5a895\"\u003e\u003ccode\u003e52dc97d\u003c/code\u003e\u003c/a\u003e deps: send@~0.19.1 and upgrade Node.js versions on the CI  (\u003ca href=\"https://redirect.github.com/expressjs/serve-static/issues/227\"\u003e#227\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/ec9c5ecfb09368519e4698ffbbe1882de00d0ef2\"\u003e\u003ccode\u003eec9c5ec\u003c/code\u003e\u003c/a\u003e 1.16.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/f454d37c68fdad04b582cb9ac0cd165ab6d19114\"\u003e\u003ccode\u003ef454d37\u003c/code\u003e\u003c/a\u003e fix(deps): encodeurl@~2.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/77a8255688cc4affc70e6dc9aa02e3ced4957e77\"\u003e\u003ccode\u003e77a8255\u003c/code\u003e\u003c/a\u003e 1.16.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/4263f496876980c165a3104d087c1ebaa046ad3d\"\u003e\u003ccode\u003e4263f49\u003c/code\u003e\u003c/a\u003e fix(deps): send@0.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/48c73970b129b96cba448e792576ad89b1f9fbed\"\u003e\u003ccode\u003e48c7397\u003c/code\u003e\u003c/a\u003e 1.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b\"\u003e\u003ccode\u003e0c11fad\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/9b5a12a76f4d70530d2d2a8c7742e9158ed3c0a4\"\u003e\u003ccode\u003e9b5a12a\u003c/code\u003e\u003c/a\u003e 1.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/a39a0df51aa31f22b4947ade34fd90b14c7be1ea\"\u003e\u003ccode\u003ea39a0df\u003c/code\u003e\u003c/a\u003e docs: update CI link\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.14.1...v1.16.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for serve-static since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.2 to 2.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.5 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes bug when a pattern containing an expression after the closing parenthesis (\u003ccode\u003e/!(*.d).{ts,tsx}\u003c/code\u003e) was incorrectly converted to regexp (\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241ef\"\u003e9f241ef\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSome documentation improvements (\u003ca href=\"https://github.com/micromatch/picomatch/commit/f81d236\"\u003ef81d236\u003c/a\u003e, \u003ca href=\"https://github.com/micromatch/picomatch/commit/421e0e7\"\u003e421e0e7\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5467a5a9638472610de4f30709991b9a56bb5613\"\u003e\u003ccode\u003e5467a5a\u003c/code\u003e\u003c/a\u003e 2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241efedc15a21bcec1edafd43ee773ceb4bc35\"\u003e\u003ccode\u003e9f241ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/102\"\u003e#102\u003c/a\u003e from micromatch/ISSUE-93_incorrect_extglob_expanding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac3cb660ca76764627aa825676df59378dd60bcd\"\u003e\u003ccode\u003eac3cb66\u003c/code\u003e\u003c/a\u003e fix: support stars in negation extglobs with expression after closing parenth...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/719d348d8a01cf23c6c10568191c1ad5a3fc33e3\"\u003e\u003ccode\u003e719d348\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/85\"\u003e#85\u003c/a\u003e from XhmikosR/codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac74e57b38a0d16de8e1752a62003e49c1622cec\"\u003e\u003ccode\u003eac74e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/91\"\u003e#91\u003c/a\u003e from XhmikosR/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.0...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.12.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate dependency versions across the root and 6 example apps to pick up security fixes and minor improvements. Notable changes include `axios` upgrades in the function-calling app and refreshed libraries for globbing and static file serving.\n\n- **Dependencies**\n  - `axios` → `^1.16.0` in `11-integrating-with-function-calling/typescript/function-app` (stricter size limits; adapter fixes). Also bumps `follow-redirects` and `proxy-from-env`.\n  - Globbing stack: `brace-expansion` → `1.1.15`/`2.1.1`, `minimatch` → `3.1.5`/`9.0.9`, `picomatch` → `2.3.2` (addresses ReDoS/CVEs).\n  - `lodash` → `4.18.1` (security and bug fixes).\n  - Static serving: `send` → `0.19.2`, `serve-static` → `1.16.3` (dependency updates incl. `encodeurl@~2.0.0`).\n  - `ansi-regex` → `4.1.1`/`5.0.1` (ReDoS fix).\n  - Minor patches: `@tootallnate/once` → `2.0.1`, `qs` → `6.15.2`.\n\n- **Migration**\n  - If you use the `axios` fetch adapter, `maxBodyLength` and `maxContentLength` are now enforced; adjust limits if needed. Run `npm ci` and smoke test HTTP calls and static file hosting flows.\n\n\u003csup\u003eWritten for commit 2ef687eca2eb0bca18e7def66432cce678f1c1fe. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/generative-ai-for-beginners/pull/2?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump npm dependencies across 6 TypeScript app directories\n\u003e Updates `package-lock.json` files across 6 TypeScript sample apps and bumps `axios` from `^1.12.0` to `^1.16.0` in [function-app/package.json](https://github.com/EmilynnJ/generative-ai-for-beginners/pull/2/files#diff-73386eaaba005f457c749d235af22257ca4ab75e08e7816ed776550549a11add).\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 2ef687e.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/generative-ai-for-beginners/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fgenerative-ai-for-beginners/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4553996724","node_id":"PR_kwDOQnoLB87g7I7c","number":1,"state":"open","title":"Bump the npm_and_yarn group across 2 directories with 19 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:33:35.000Z","updated_at":"2026-05-30T09:34:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":19,"packages":[{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"@modelcontextprotocol/sdk","old_version":"1.25.1","new_version":"1.26.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"next","old_version":"16.1.0","new_version":"16.2.6","repository_url":"https://github.com/vercel/next.js"},{"name":"next-intl","old_version":"4.6.1","new_version":"4.9.2","repository_url":"https://github.com/amannn/next-intl"},{"name":"yaml","old_version":"2.8.2","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"defu","old_version":"6.1.4","new_version":"6.1.7","repository_url":"https://github.com/unjs/defu"},{"name":"effect","old_version":"3.18.4","new_version":"3.21.0","repository_url":"https://github.com/Effect-TS/effect"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"5.2.5","new_version":"5.7.3","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 4 updates in the /packages/prompts.chat directory: [picomatch](https://github.com/micromatch/picomatch), [postcss](https://github.com/postcss/postcss), [rollup](https://github.com/rollup/rollup) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 12 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.25.1` | `1.26.0` |\n| [next](https://github.com/vercel/next.js) | `16.1.0` | `16.2.6` |\n| [next-intl](https://github.com/amannn/next-intl) | `4.6.1` | `4.9.2` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.3` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [defu](https://github.com/unjs/defu) | `6.1.4` | `6.1.7` |\n| [effect](https://github.com/Effect-TS/effect/tree/HEAD/packages/effect) | `3.18.4` | `3.21.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.2.5` | `5.7.3` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.54.0 to 4.60.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.60.4\u003c/h2\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.2\u003c/h2\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6346\"\u003e#6346\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6347\"\u003e#6347\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6348\"\u003e#6348\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6349\"\u003e#6349\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6350\"\u003e#6350\u003c/a\u003e: fix: reset variable render names between outputs in the same generate (\u003ca href=\"https://github.com/barry3406\"\u003e\u003ccode\u003e@​barry3406\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6351\"\u003e#6351\u003c/a\u003e: chore(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6352\"\u003e#6352\u003c/a\u003e: chore(deps): update cross-platform-actions/action action to v1 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6353\"\u003e#6353\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6354\"\u003e#6354\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6355\"\u003e#6355\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6356\"\u003e#6356\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6358\"\u003e#6358\u003c/a\u003e: chore: remove cross-env from devDeps (\u003ca href=\"https://github.com/K-tecchan\"\u003e\u003ccode\u003e@​K-tecchan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.1\u003c/h2\u003e\n\u003ch2\u003e4.60.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/master/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.60.3\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-04\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure nested \u0026quot;exports\u0026quot; variables are not renamed (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6360\"\u003e#6360\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6360\"\u003e#6360\u003c/a\u003e: fix: do not rename nested \u0026quot;exports\u0026quot; bindings that do not conflict (\u003ca href=\"https://github.com/tariqrafique\"\u003e\u003ccode\u003e@​tariqrafique\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6364\"\u003e#6364\u003c/a\u003e: chore(deps): update msys2/setup-msys2 digest to e989830 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6365\"\u003e#6365\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6366\"\u003e#6366\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6367\"\u003e#6367\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6368\"\u003e#6368\u003c/a\u003e: docs: add missing backticks in \u003ccode\u003eplugin-development\u003c/code\u003e (\u003ca href=\"https://github.com/lumirlumir\"\u003e\u003ccode\u003e@​lumirlumir\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d311a84b0bb4d4a6f50d19ffd2c29cca28660c88\"\u003e\u003ccode\u003ed311a84\u003c/code\u003e\u003c/a\u003e 4.60.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/6aa324854482e273b711972955d2d1b3bb445bcc\"\u003e\u003ccode\u003e6aa3248\u003c/code\u003e\u003c/a\u003e fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/82a0fe76b1372a2cf509fc4067d69f25569b83f5\"\u003e\u003ccode\u003e82a0fe7\u003c/code\u003e\u003c/a\u003e Resolve vulnerabilities (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6375\"\u003e#6375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/71f5ebc893d7ff76b5571d63b04ea2ed4a4ddd9d\"\u003e\u003ccode\u003e71f5ebc\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6371\"\u003e#6371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/af91d778cdf564dd1ae1bfd6e92604ec031824a7\"\u003e\u003ccode\u003eaf91d77\u003c/code\u003e\u003c/a\u003e chore(deps): lock file maintenance (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6373\"\u003e#6373\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/65e7b94ddda9f02334fa8f12ff6bf699c1f07833\"\u003e\u003ccode\u003e65e7b94\u003c/code\u003e\u003c/a\u003e chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6372\"\u003e#6372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/642587f3d9c5b4aa482a5027672f0fa8ea76da12\"\u003e\u003ccode\u003e642587f\u003c/code\u003e\u003c/a\u003e fix(deps): update minor/patch updates (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6370\"\u003e#6370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/b47bdabeccbb7aa1b1d4117f2f4a781a9f6de297\"\u003e\u003ccode\u003eb47bdab\u003c/code\u003e\u003c/a\u003e 4.60.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/15c5f33083c8c6b1b2cbae548124fffbba2553bb\"\u003e\u003ccode\u003e15c5f33\u003c/code\u003e\u003c/a\u003e Add again some unneeded dev dependencies, to make some builds succeed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/12195dcebbd21f0f2d91e26720cd053526edbfe3\"\u003e\u003ccode\u003e12195dc\u003c/code\u003e\u003c/a\u003e fix: do not rename nested \u0026quot;exports\u0026quot; bindings that do not conflict (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6360\"\u003e#6360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rollup/rollup/compare/v4.54.0...v4.60.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.3.0 to 7.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.2...v7.3.3\"\u003e7.3.3\u003c/a\u003e (2026-05-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid destructure lowering for newer safari (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22346\"\u003e#22346\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e5ab51c0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca31424cccb075c88131132b929a63527d0e2b69\"\u003e\u003ccode\u003eca31424\u003c/code\u003e\u003c/a\u003e release: v7.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e\u003ccode\u003e5ab51c0\u003c/code\u003e\u003c/a\u003e fix: avoid destructure lowering for newer safari (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22346\"\u003e#22346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.3/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.25.1 to 1.26.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.26.0\u003c/h2\u003e\n\u003cp\u003eAddresses \u0026quot;Sharing server/transport instances can leak cross-client response data\u0026quot; in this GHSA \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: bump v1.25.3 for backport fixes by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1412\"\u003emodelcontextprotocol/typescript-sdk#1412\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by \u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) by \u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.26.0 by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1479\"\u003emodelcontextprotocol/typescript-sdk#1479\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.25.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v1.x backport] Use correct schema for client sampling validation when tools are present by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1407\"\u003emodelcontextprotocol/typescript-sdk#1407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent Hono from overriding global Response object (v1.x) by \u003ca href=\"https://github.com/mattzcarey\"\u003e\u003ccode\u003e@​mattzcarey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1411\"\u003emodelcontextprotocol/typescript-sdk#1411\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.25.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: trigger workflow on v1.x branch by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1319\"\u003emodelcontextprotocol/typescript-sdk#1319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: README badges links destinations by \u003ca href=\"https://github.com/antonpk1\"\u003e\u003ccode\u003e@​antonpk1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\"\u003emodelcontextprotocol/typescript-sdk#907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1365\"\u003emodelcontextprotocol/typescript-sdk#1365\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antonpk1\"\u003e\u003ccode\u003e@​antonpk1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\"\u003emodelcontextprotocol/typescript-sdk#907\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/fe9c07b465871394c7069207c86513df9c1194a4\"\u003e\u003ccode\u003efe9c07b\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.26.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/4f01e7e0708e1a85ccc7dbf39e850005f2d9ff03\"\u003e\u003ccode\u003e4f01e7e\u003c/code\u003e\u003c/a\u003e fix: add non-null assertions for optional setupServer fields in stateful test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a05be176cabeae1f933b676e3ce024bf02e2314d\"\u003e\u003ccode\u003ea05be17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/50d9fa3cd12e807e7963bcb9e1548786d3d5d941\"\u003e\u003ccode\u003e50d9fa3\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1442\"\u003e#1442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/aa81a66556fb4434d8a6d1b70f7ac9fc40b5d325\"\u003e\u003ccode\u003eaa81a66\u003c/code\u003e\u003c/a\u003e fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6aba0659654e1ff0699844524595922a61e44cb9\"\u003e\u003ccode\u003e6aba065\u003c/code\u003e\u003c/a\u003e chore: bump v1.25.3 for backport fixes (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1412\"\u003e#1412\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6e8f7e1a43a819ae230373c62b82228dafd892c6\"\u003e\u003ccode\u003e6e8f7e1\u003c/code\u003e\u003c/a\u003e fix: prevent Hono from overriding global Response object (v1.x) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1411\"\u003e#1411\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/12ae856cee6ca58499cce24e80f650e78a0c7610\"\u003e\u003ccode\u003e12ae856\u003c/code\u003e\u003c/a\u003e [v1.x backport] Use correct schema for client sampling validation when tools ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/b392f02ffcf37c088dbd114fedf25026ec3913d3\"\u003e\u003ccode\u003eb392f02\u003c/code\u003e\u003c/a\u003e fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1365\"\u003e#1365\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0c9b13484748acab9e5dc8317a7e89c06b52e37\"\u003e\u003ccode\u003ea0c9b13\u003c/code\u003e\u003c/a\u003e fix: README badges links destinations (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/907\"\u003e#907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 16.1.0 to 16.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.6\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains security fixes and backported bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cp\u003eThe following advisories have been addressed:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eHigh:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - \u003cstrong\u003eIncomplete Fix Follow-Up\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eModerate:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eLow:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve HTTP access fallbacks during prerender recovery (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92231\"\u003e#92231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fallback route params case in app-page handler (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91737\"\u003e#91737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix invalid HTML response for route-level RSC requests in deployment adapter (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91541\"\u003e#91541\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePatch setHeader for direct route handlers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93101\"\u003e#93101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude deployment id in \u003ccode\u003ecacheHandlers\u003c/code\u003e keys (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93453\"\u003e#93453\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double-encoding of URL pathname parts in client param parsing (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93491\"\u003e#93491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev16.2.5\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains security fixes and backported bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cp\u003eThe following advisories have been addressed:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eHigh:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ee6e79b1792a4d401ddf2480f40a83549fe8e722\"\u003e\u003ccode\u003eee6e79b\u003c/code\u003e\u003c/a\u003e v16.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/afa053d9eb9c2a68c7eba43e84fe6bed8babcd45\"\u003e\u003ccode\u003eafa053d\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/97a154e5bbee0cb1ac3fb8aa4db66ac36e796e3d\"\u003e\u003ccode\u003e97a154e\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/83899bc89103d4df1479e065c7c1e09d4698a7b6\"\u003e\u003ccode\u003e83899bc\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/7b222b90954d607fc28a34e9b360a9b1636bc206\"\u003e\u003ccode\u003e7b222b9\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93595\"\u003e#93595\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/a8dc24f1fe23d4a22d24fac734837f7c824138f7\"\u003e\u003ccode\u003ea8dc24f\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93587\"\u003e#93587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/766148f9cd48c0e218acafcd0f15defc14871bf4\"\u003e\u003ccode\u003e766148f\u003c/code\u003e\u003c/a\u003e v16.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/0dd94836a8b43209fcfefa448c141683c22c1a27\"\u003e\u003ccode\u003e0dd9483\u003c/code\u003e\u003c/a\u003e fix: add explicit checks for RSC header (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/83\"\u003e#83\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/98\"\u003e#98\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d166096c399c4fc4e09cd2d1bf26dca6579a855d\"\u003e\u003ccode\u003ed166096\u003c/code\u003e\u003c/a\u003e fix proxy matching for segment prefetch URLs (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/89\"\u003e#89\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9d50c0b7190f59c470308578e12882788819f14c\"\u003e\u003ccode\u003e9d50c0b\u003c/code\u003e\u003c/a\u003e Strip next-resume header from incoming requests (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v16.1.0...v16.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next-intl` from 4.6.1 to 4.9.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/amannn/next-intl/releases\"\u003enext-intl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.9.2\u003c/h2\u003e\n\u003ch2\u003e4.9.2 (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrototype safety guards for \u003ccode\u003eprecompile: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2307\"\u003e#2307\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/c0bf0ee42abb38926dee51474a80b9982b3acb2f\"\u003ec0bf0ee\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.9.1\u003c/h2\u003e\n\u003ch2\u003e4.9.1 (2026-04-10)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove middleware pathname validation (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2304\"\u003e#2304\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/1c80b668aa6d853f470319eec10a3f61e78a70e6\"\u003e1c80b66\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.9.0\u003c/h2\u003e\n\u003ch2\u003e4.9.0 (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003etransitionTypes\u003c/code\u003e on \u003ccode\u003eLink\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2302\"\u003e#2302\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/02811f5dd5f31753d742632082874b6e3e3667f6\"\u003e02811f5\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.8.4\u003c/h2\u003e\n\u003ch2\u003e4.8.4 (2026-03-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove TypeScript peer dependency and update examples to TypeScript v6 (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2293\"\u003e#2293\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/5e7bcd743994f8a3ccfd904d7969f4543950cd0a\"\u003e5e7bcd7\u003c/a\u003e) – by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.8.3\u003c/h2\u003e\n\u003ch2\u003e4.8.3 (2026-02-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@formatjs/intl-localematcher\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2265\"\u003e#2265\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/196f1f3093fa629c8379c67ac1f67cf0f4906dc0\"\u003e196f1f3\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.8.2\u003c/h2\u003e\n\u003ch2\u003e4.8.2 (2026-02-02)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid throwing config errors for non-Next.js consumers of \u003ccode\u003enext.config.ts\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2245\"\u003e#2245\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/f57800ecd43ab9ab928a6c3839e24fed68bc6d24\"\u003ef57800e\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.8.1\u003c/h2\u003e\n\u003ch2\u003e4.8.1 (2026-01-30)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eprecompile\u003c/code\u003e alias on Windows (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2237\"\u003e#2237\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/8e7151aec3a5d50ec7b431175fa89739c0238bb5\"\u003e8e7151a\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.8.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/amannn/next-intl/blob/main/CHANGELOG.md\"\u003enext-intl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.9.2 (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrototype safety guards for \u003ccode\u003eprecompile: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2307\"\u003e#2307\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/c0bf0ee42abb38926dee51474a80b9982b3acb2f\"\u003ec0bf0ee\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.9.1 (2026-04-10)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove middleware pathname validation (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2304\"\u003e#2304\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/1c80b668aa6d853f470319eec10a3f61e78a70e6\"\u003e1c80b66\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.9.0 (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003etransitionTypes\u003c/code\u003e on \u003ccode\u003eLink\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2302\"\u003e#2302\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/02811f5dd5f31753d742632082874b6e3e3667f6\"\u003e02811f5\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.8.4 (2026-03-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove TypeScript peer dependency and update examples to TypeScript v6 (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2293\"\u003e#2293\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/5e7bcd743994f8a3ccfd904d7969f4543950cd0a\"\u003e5e7bcd7\u003c/a\u003e) – by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.8.3 (2026-02-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@formatjs/intl-localematcher\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2265\"\u003e#2265\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/196f1f3093fa629c8379c67ac1f67cf0f4906dc0\"\u003e196f1f3\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.8.2 (2026-02-02)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid throwing config errors for non-Next.js consumers of \u003ccode\u003enext.config.ts\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2245\"\u003e#2245\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/f57800ecd43ab9ab928a6c3839e24fed68bc6d24\"\u003ef57800e\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.8.1 (2026-01-30)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eprecompile\u003c/code\u003e alias on Windows (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2237\"\u003e#2237\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/8e7151aec3a5d50ec7b431175fa89739c0238bb5\"\u003e8e7151a\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.8.0 (2026-01-28)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAhead-of-time compilation for messages (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2220\"\u003e#2220\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/02149c19ee52a581fdc52f3160550bf957256488\"\u003e02149c1\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.7.0 (2026-01-01)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/e1b18258075017216165735212568c8f795e1660\"\u003e\u003ccode\u003ee1b1825\u003c/code\u003e\u003c/a\u003e v4.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/c0bf0ee42abb38926dee51474a80b9982b3acb2f\"\u003e\u003ccode\u003ec0bf0ee\u003c/code\u003e\u003c/a\u003e fix: Prototype safety guards for \u003ccode\u003eprecompile: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2307\"\u003e#2307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/b4aa5380c50ad59a80d1dfdbc229590a4e0133a3\"\u003e\u003ccode\u003eb4aa538\u003c/code\u003e\u003c/a\u003e v4.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/1c80b668aa6d853f470319eec10a3f61e78a70e6\"\u003e\u003ccode\u003e1c80b66\u003c/code\u003e\u003c/a\u003e fix: Improve middleware pathname validation (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2304\"\u003e#2304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/b65f8c4e88ad3f2ac8df3443b6cdd66c08c19e60\"\u003e\u003ccode\u003eb65f8c4\u003c/code\u003e\u003c/a\u003e v4.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/02811f5dd5f31753d742632082874b6e3e3667f6\"\u003e\u003ccode\u003e02811f5\u003c/code\u003e\u003c/a\u003e feat: Support \u003ccode\u003etransitionTypes\u003c/code\u003e on \u003ccode\u003eLink\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2302\"\u003e#2302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/722785bc2d34f38949b8186c0282af88db38c2a5\"\u003e\u003ccode\u003e722785b\u003c/code\u003e\u003c/a\u003e v4.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/5e7bcd743994f8a3ccfd904d7969f4543950cd0a\"\u003e\u003ccode\u003e5e7bcd7\u003c/code\u003e\u003c/a\u003e fix: Remove TypeScript peer dependency and update examples to TypeScript v6 (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/c9d605131259d0533757063822fafb7d3584eca3\"\u003e\u003ccode\u003ec9d6051\u003c/code\u003e\u003c/a\u003e fix: Remove TypeScript peer dependency and update examples to TypeScript v6 (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/5be07b66dfc5842e27decced737ba9b0ab85377f\"\u003e\u003ccode\u003e5be07b6\u003c/code\u003e\u003c/a\u003e fix: Remove TypeScript peer dependency and update examples to TypeScript v6 (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/amannn/next-intl/compare/v4.6.1...v4.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.2 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.2...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@hono/node-server` from 1.19.7 to 1.19.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e@​hono/node-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/340\"\u003ehonojs/node-server#340\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/309\"\u003ehonojs/node-server#309\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.10\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (\u003ccode\u003e%2F\u003c/code\u003e handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-wc8c-qw6v-h7f6 for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(globals): Stop overwriting global.fetch by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/295\"\u003ehonojs/node-server#295\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-s...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade dependencies across the root app and `packages/prompts.chat` to apply security patches and improve build stability. Highlights: `next` 16.2.6, `@modelcontextprotocol/sdk` 1.26.0, and toolchain bumps (`rollup` 4.60.4, `vite` 7.3.3, `postcss` 8.5.15).\n\n- **Dependencies**\n  - `next` → 16.2.6: addresses multiple RSC, middleware, and image API advisories.\n  - `@modelcontextprotocol/sdk` → 1.26.0: fixes cross-client response leak.\n  - `next-intl` → 4.9.2: middleware pathname validation and prototype safety for precompiled messages.\n  - `picomatch` → 4.0.4/2.3.2: security fixes.\n  - `ajv` → 6.15.0: mitigations for `$data`/regexp exploit and prototype pollution.\n  - `@hono/node-server` → 1.19.14: static middleware bypass fixes and stability tweaks.\n  - `rollup` → 4.60.4, `vite` → 7.3.3, `postcss` → 8.5.15 (in `packages/prompts.chat`): stability and security fixes (chunk hash stability, path traversal, XSS/file read).\n  - Other patches: `yaml` → 2.8.3, `@aws-sdk/client-s3` → 3.1057.0, plus minor indirect bumps (`minimatch`, `defu`, `fast-xml-parser`, `flatted`, etc.).\n\n\u003csup\u003eWritten for commit a4b56a87c068f7a2db8bb174edd4ab80acd820d4. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/Spiritual--chatgpt-prompts/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump npm dependencies across root and `packages/prompts.chat` workspaces\n\u003e Updates 19 packages across two directories, including `@aws-sdk/client-s3` (3.948→3.1057), `@modelcontextprotocol/sdk` (1.24→1.26), `next` (16.0→16.2), `next-intl` (4.5→4.9), and `prisma` (6.19.0→6.19.3). Lockfiles are regenerated to match.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized a4b56a8.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/Spiritual--chatgpt-prompts/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2FSpiritual--chatgpt-prompts/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4553988597","node_id":"PR_kwDOQXH51s7g7Hd6","number":1,"state":"open","title":"Bump the npm_and_yarn group across 2 directories with 7 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:29:41.000Z","updated_at":"2026-05-30T09:30:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":7,"packages":[{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"diff","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"tmp","old_version":"0.2.3","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"},{"name":"uuid","old_version":"8.3.2","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 7 updates in the /rewrite-javascript/rewrite directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.7` |\n| [uuid](https://github.com/uuidjs/uuid) | `8.3.2` | `14.0.0` |\n\nBumps the npm_and_yarn group with 1 update in the /rewrite-javascript/rewrite/.rewrite directory: [diff](https://github.com/kpdecker/jsdiff).\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 4.0.2 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.6 to 5.1.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.3 to 0.2.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211\"\u003e\u003ccode\u003e8ea1f37\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153\"\u003e\u003ccode\u003e8f24f78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c\"\u003e\u003ccode\u003ece787f3\u003c/code\u003e\u003c/a\u003e Reject non-string prefix, postfix, template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.3...v0.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 8.3.2 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v8.3.2...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 8.0.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate dependencies in rewrite-javascript to address security advisories and align with newer runtime requirements. Key upgrades include `diff` to 9.0.0, `picomatch` to 4.0.4, `lodash` to 4.18.1, and `uuid` to 14.0.0.\n\n- **Dependencies**\n  - Major: `diff` 7→9 (ES5 dropped, Git-style patch support, stricter parsing), `uuid` 8→14 (requires Node 20+), `jest-junit` 16→17 (Node 20+).\n  - Security/patch bumps: `picomatch` 4.0.4, `minimatch` 3.1.5/5.1.9, `js-yaml` 3.14.2, `lodash` 4.18.1, `tmp` 0.2.7.\n  - Tooling (.rewrite): `@openrewrite/recipes-npm` ^0.3.0 and `diff` 8.0.4.\n\n- **Migration**\n  - Ensure CI and local dev use Node 20+ (required by `uuid` 14 and `jest-junit` 17).\n  - If code relies on legacy `diff` parsing/formatting, re-run tests to catch behavior changes.\n\n\u003csup\u003eWritten for commit c6415b32f18733378eea66e1d48920454e5aacae. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/rewrite/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump `diff`, `jest-junit`, and `@openrewrite/recipes-npm` npm dependencies\n\u003e - Updates `diff` from `^7.0.0` to `^9.0.0` and `jest-junit` from `^16.0.0` to `^17.0.0` in [rewrite-javascript/rewrite/package.json](https://github.com/EmilynnJ/rewrite/pull/1/files#diff-dea5a34188cebd1bad49b0b122a0d15cc6ca27bb7bc6938597c533ac08f01ea0)\n\u003e - Updates `@openrewrite/recipes-npm` from `^0.1.9` to `^0.3.0` in [rewrite-javascript/rewrite/.rewrite/package.json](https://github.com/EmilynnJ/rewrite/pull/1/files#diff-19749b9e1aaded809330d96c1b07992926a87e7e6c7f8bbb8caa43149ceabeaf)\n\u003e - Lockfiles are updated accordingly in both directories\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized c6415b3.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/rewrite/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Frewrite/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4552542338","node_id":"PR_kwDOB6BcMc7g2kM3","number":745,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 19 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T00:45:11.000Z","updated_at":"2026-05-30T00:46:04.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":19,"packages":[{"name":"axios","old_version":"1.7.2","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"axios","old_version":"1.12.0","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"next","old_version":"15.5.9","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"qs","old_version":"6.10.4","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"validator","old_version":"13.0.0","new_version":"13.15.22","repository_url":"https://github.com/validatorjs/validator.js"},{"name":"sanitize-html","old_version":"2.17.3","new_version":"2.17.4","repository_url":"https://github.com/apostrophecms/apostrophe"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"uuid","old_version":"9.0.1","new_version":"removed","repository_url":"https://github.com/uuidjs/uuid"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"i18next-fs-backend","old_version":"1.2.0","new_version":"removed","repository_url":"https://github.com/i18next/i18next-fs-backend"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"protobufjs","old_version":"7.5.4","new_version":"7.6.1","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"tar-fs","old_version":"2.1.3","new_version":"2.1.4","repository_url":"https://github.com/mafintosh/tar-fs"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.7.2` | `1.16.1` |\n| [axios](https://github.com/axios/axios) | `1.12.0` | `1.16.1` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [next](https://github.com/vercel/next.js) | `15.5.9` | `15.5.18` |\n| [qs](https://github.com/ljharb/qs) | `6.10.4` | `6.15.2` |\n| [validator](https://github.com/validatorjs/validator.js) | `13.0.0` | `13.15.22` |\n| [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) | `2.17.3` | `2.17.4` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `removed` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [i18next-fs-backend](https://github.com/i18next/i18next-fs-backend) | `1.2.0` | `removed` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.6.1` |\n| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.3` | `2.1.4` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n\n\nUpdates `axios` from 1.7.2 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.2...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.12.0 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.2...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 15.5.9 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.5.9...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.10.4 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.10.4...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `validator` from 13.0.0 to 13.15.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/validatorjs/validator.js/releases\"\u003evalidator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e13.15.22\u003c/h2\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2622\"\u003e#2622\u003c/a\u003e \u003ccode\u003eisURL\u003c/code\u003e: fix regression with hostnames with ports \u003ca href=\"https://github.com/mbtools\"\u003e\u003ccode\u003e@​mbtools\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2616\"\u003e#2616\u003c/a\u003e \u003ccode\u003eisLength\u003c/code\u003e: improve handling Unicode variation selectors \u003ca href=\"https://github.com/koral\"\u003e\u003ccode\u003e@​koral\u003c/code\u003e\u003c/a\u003e--\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2621\"\u003e#2621\u003c/a\u003e \u003ca href=\"https://github.com/mbtools\"\u003e\u003ccode\u003e@​mbtools\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbtools\"\u003e\u003ccode\u003e@​mbtools\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2622\"\u003evalidatorjs/validator.js#2622\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koral\"\u003e\u003ccode\u003e@​koral\u003c/code\u003e\u003c/a\u003e-- made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2616\"\u003evalidatorjs/validator.js#2616\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/validatorjs/validator.js/compare/13.15.20...13.15.22\"\u003ehttps://github.com/validatorjs/validator.js/compare/13.15.20...13.15.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e13.15.20\u003c/h2\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2556\"\u003e#2556\u003c/a\u003e \u003ccode\u003eisMobilePhone\u003c/code\u003e: add \u003ccode\u003ear-QA\u003c/code\u003e locale \u003ca href=\"https://github.com/WardKhaddour\"\u003e\u003ccode\u003e@​WardKhaddour\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2576\"\u003e#2576\u003c/a\u003e \u003ccode\u003eisAlpha\u003c/code\u003e/\u003ccode\u003eisAlphanuneric\u003c/code\u003e: add Indic locales (\u003ccode\u003eta-IN\u003c/code\u003e, \u003ccode\u003ete-IN\u003c/code\u003e, \u003ccode\u003ekn-IN\u003c/code\u003e, \u003ccode\u003eml-IN\u003c/code\u003e, \u003ccode\u003egu-IN\u003c/code\u003e, \u003ccode\u003epa-IN\u003c/code\u003e, \u003ccode\u003eor-IN\u003c/code\u003e) \u003ca href=\"https://github.com/avadootharajesh\"\u003e\u003ccode\u003e@​avadootharajesh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2574\"\u003e#2574\u003c/a\u003e \u003ccode\u003eisBase64\u003c/code\u003e: improve padding regex \u003ca href=\"https://github.com/KrayzeeKev\"\u003e\u003ccode\u003e@​KrayzeeKev\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2584\"\u003e#2584\u003c/a\u003e \u003ccode\u003eisVAT\u003c/code\u003e: improve \u003ccode\u003eFR\u003c/code\u003e locale \u003ca href=\"https://github.com/iamAmer\"\u003e\u003ccode\u003e@​iamAmer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2608\"\u003e#2608\u003c/a\u003e \u003ccode\u003eisURL\u003c/code\u003e: improve protocol detection. Resolves CVE-2025-56200 \u003ca href=\"https://github.com/theofidry\"\u003e\u003ccode\u003e@​theofidry\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2563\"\u003e#2563\u003c/a\u003e \u003ca href=\"https://github.com/stoneLeaf\"\u003e\u003ccode\u003e@​stoneLeaf\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2581\"\u003e#2581\u003c/a\u003e \u003ca href=\"https://github.com/camillobruni\"\u003e\u003ccode\u003e@​camillobruni\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stoneLeaf\"\u003e\u003ccode\u003e@​stoneLeaf\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2563\"\u003evalidatorjs/validator.js#2563\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WardKhaddour\"\u003e\u003ccode\u003e@​WardKhaddour\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2556\"\u003evalidatorjs/validator.js#2556\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/avadootharajesh\"\u003e\u003ccode\u003e@​avadootharajesh\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2576\"\u003evalidatorjs/validator.js#2576\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/KrayzeeKev\"\u003e\u003ccode\u003e@​KrayzeeKev\u003c/code\u003e\u003c/a\u003e made their first contributi...\n\n_Description has been truncated_","html_url":"https://github.com/NYPL/nypl-library-card-app/pull/745","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NYPL%2Fnypl-library-card-app/issues/745","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/745/packages"},{"uuid":"4552143701","node_id":"PR_kwDOBxbanc7g1STz","number":155,"state":"closed","title":"Bump minimatch","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-29T23:13:22.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T23:01:26.000Z","updated_at":"2026-05-30T01:03:45.000Z","time_to_close":716,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"}],"path":null,"ecosystem":"npm"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps  and [minimatch](https://github.com/isaacs/minimatch). These dependencies needed to be updated together.\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.3 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Mechazawa/minidrone-js/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Mechazawa/minidrone-js/pull/155","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mechazawa%2Fminidrone-js/issues/155","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/155/packages"},{"uuid":"4551480216","node_id":"PR_kwDOOfZVoc7gzJEk","number":1,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 13 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-29T20:38:54.000Z","updated_at":"2026-05-29T20:40:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":13,"packages":[{"name":"axios","old_version":"1.6.8","new_version":"1.16.0","repository_url":"https://github.com/axios/axios"},{"name":"next","old_version":"15.1.1","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"nodemailer","old_version":"6.9.15","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"},{"name":"postcss","old_version":"8.4.31","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"braces","old_version":"3.0.2","new_version":"3.0.3","repository_url":"https://github.com/micromatch/braces"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.2","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"immutable","old_version":"4.3.4","new_version":"4.3.8","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.6.8` | `1.16.0` |\n| [next](https://github.com/vercel/next.js) | `15.1.1` | `15.5.18` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `6.9.15` | `8.0.5` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.5.15` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.2` | `3.4.2` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.3.4` | `4.3.8` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `axios` from 1.6.8 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc\"\u003e\u003ccode\u003edf53d7d\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e\"\u003e\u003ccode\u003e9d92bcd\u003c/code\u003e\u003c/a\u003e fix: gadgets and smaller issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435\"\u003e\u003ccode\u003e5107ee6\u003c/code\u003e\u003c/a\u003e fix: prevent undefined error codes in settle (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8\"\u003e\u003ccode\u003ee573499\u003c/code\u003e\u003c/a\u003e fix(fetch): defer global access in fetch adapter (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3\"\u003e\u003ccode\u003ead68e1a\u003c/code\u003e\u003c/a\u003e fix(http): honor timeout during connect without redirects (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d\"\u003e\u003ccode\u003e2a51828\u003c/code\u003e\u003c/a\u003e fix(http): decode URL basic auth credentials (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1\"\u003e\u003ccode\u003e0e8b6bb\u003c/code\u003e\u003c/a\u003e fix(http): preserve user-supplied Host header when forwarding through a proxy...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b\"\u003e\u003ccode\u003e79f39e1\u003c/code\u003e\u003c/a\u003e docs: document paramsSerializer.encode for strict RFC 3986 query encoding (\u003ca href=\"https://redirect.github.com/axios/axios/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e\"\u003e\u003ccode\u003e0fe3a5f\u003c/code\u003e\u003c/a\u003e [Docs/Types] Update \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions for ES2023 and add ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d\"\u003e\u003ccode\u003ecd6737f\u003c/code\u003e\u003c/a\u003e chore: matches the sibling responseStream.on(aborted) handler and added tests...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.6.8...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 15.1.1 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.1.1...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nodemailer` from 6.9.15 to 8.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/releases\"\u003enodemailer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.3...v8.0.4\"\u003e8.0.4\u003c/a\u003e (2026-03-25)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esanitize envelope size to prevent SMTP command injection (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651\"\u003e2d7b971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.2...v8.0.3\"\u003e8.0.3\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclean up addressparser and fix group name fallback producing undefined (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/9d55877f8ed15a6aefd7ba76cbb6b6a6cdbcc4fd\"\u003e9d55877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix cookie bugs, remove dead code, and improve hot-path efficiency (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524\"\u003ee8c8b92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor smtp-connection for clarity and add Node.js 6 syntax compat test (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c5b48ea61c28eabf347972f4198a12cdab226ff7\"\u003ec5b48ea\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove familySupportCache that broke DNS resolution tests (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa\"\u003ec803d90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.1...v8.0.2\"\u003e8.0.2\u003c/a\u003e (2026-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emerge fragmented display names with unquoted commas in addressparser (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/fe27f7fd57f7587d897274438da2f628ad0ad7d9\"\u003efe27f7f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.0...v8.0.1\"\u003e8.0.1\u003c/a\u003e (2026-02-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/7f8dde41438c66b8311e888fa5f8c518fcaba6f1\"\u003e7f8dde4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/381f628d55e62bb3131bd2a452fa1ce00bc48aea\"\u003e381f628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Gmail Workspace service configuration (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1787\"\u003e#1787\u003c/a\u003e) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/dc97ede417b3030b311771541b1f17f5ca76bcbf\"\u003edc97ede\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v7.0.13...v8.0.0\"\u003e8.0.0\u003c/a\u003e (2026-02-04)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md\"\u003enodemailer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.3...v8.0.4\"\u003e8.0.4\u003c/a\u003e (2026-03-25)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esanitize envelope size to prevent SMTP command injection (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651\"\u003e2d7b971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.2...v8.0.3\"\u003e8.0.3\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclean up addressparser and fix group name fallback producing undefined (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/9d55877f8ed15a6aefd7ba76cbb6b6a6cdbcc4fd\"\u003e9d55877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix cookie bugs, remove dead code, and improve hot-path efficiency (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524\"\u003ee8c8b92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor smtp-connection for clarity and add Node.js 6 syntax compat test (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c5b48ea61c28eabf347972f4198a12cdab226ff7\"\u003ec5b48ea\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove familySupportCache that broke DNS resolution tests (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa\"\u003ec803d90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.1...v8.0.2\"\u003e8.0.2\u003c/a\u003e (2026-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emerge fragmented display names with unquoted commas in addressparser (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/fe27f7fd57f7587d897274438da2f628ad0ad7d9\"\u003efe27f7f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.0...v8.0.1\"\u003e8.0.1\u003c/a\u003e (2026-02-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/7f8dde41438c66b8311e888fa5f8c518fcaba6f1\"\u003e7f8dde4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/381f628d55e62bb3131bd2a452fa1ce00bc48aea\"\u003e381f628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Gmail Workspace service configuration (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1787\"\u003e#1787\u003c/a\u003e) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/dc97ede417b3030b311771541b1f17f5ca76bcbf\"\u003edc97ede\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v7.0.13...v8.0.0\"\u003e8.0.0\u003c/a\u003e (2026-02-04)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eError code 'NoAuth' renamed to 'ENOAUTH'\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/202cfb3e14010223204e9ba9f7430176be624f0f\"\u003e\u003ccode\u003e202cfb3\u003c/code\u003e\u003c/a\u003e chore(master): release 8.0.5 (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1809\"\u003e#1809\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/b634abf05959edcc7207cdaba2c6541f92994cbb\"\u003e\u003ccode\u003eb634abf\u003c/code\u003e\u003c/a\u003e docs: add CLAUDE.md with project conventions and release process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e\u003ccode\u003e95876b1\u003c/code\u003e\u003c/a\u003e fix: decode SMTP server responses as UTF-8 at line boundary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e\u003ccode\u003e0a43876\u003c/code\u003e\u003c/a\u003e fix: sanitize CRLF in transport name option to prevent SMTP command injection...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/08e59e64d0f8595fa535f07061787e0946372657\"\u003e\u003ccode\u003e08e59e6\u003c/code\u003e\u003c/a\u003e chore: update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/2d319753c34d2f0ced24d8eb1d7d866d965f59f4\"\u003e\u003ccode\u003e2d31975\u003c/code\u003e\u003c/a\u003e chore(master): release 8.0.4 (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1806\"\u003e#1806\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651\"\u003e\u003ccode\u003e2d7b971\u003c/code\u003e\u003c/a\u003e fix: sanitize envelope size to prevent SMTP command injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/4e702e97650aaff442a7bc040957ba9c53c614b8\"\u003e\u003ccode\u003e4e702e9\u003c/code\u003e\u003c/a\u003e chore(master): release 8.0.3 (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1804\"\u003e#1804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa\"\u003e\u003ccode\u003ec803d90\u003c/code\u003e\u003c/a\u003e fix: remove familySupportCache that broke DNS resolution tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524\"\u003e\u003ccode\u003ee8c8b92\u003c/code\u003e\u003c/a\u003e fix: fix cookie bugs, remove dead code, and improve hot-path efficiency\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v6.9.15...v8.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for nodemailer since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.31 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.31...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `braces` from 3.0.2 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/74b2db2938fad48a2ea54a9c8bf27a37a62c350d\"\u003e\u003ccode\u003e74b2db2\u003c/code\u003e\u003c/a\u003e 3.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/88f1429a0f47e1dd3813de35211fc97ffda27f9e\"\u003e\u003ccode\u003e88f1429\u003c/code\u003e\u003c/a\u003e update eslint. lint, fix unit tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff\"\u003e\u003ccode\u003e415d660\u003c/code\u003e\u003c/a\u003e Snyk js braces 6838727 (\u003ca href=\"https://redirect.github.com/micromatch/braces/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/190510f79db1adf21d92798b0bb6fccc1f72c9d6\"\u003e\u003ccode\u003e190510f\u003c/code\u003e\u003c/a\u003e fix tests, skip 1 test in test/braces.expand\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/716eb9f12d820b145a831ad678618731927e8856\"\u003e\u003ccode\u003e716eb9f\u003c/code\u003e\u003c/a\u003e readme bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/a5851e57f45c3431a94d83fc565754bc10f5bbc3\"\u003e\u003ccode\u003ea5851e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/braces/issues/37\"\u003e#37\u003c/a\u003e from coderaiser/fix/vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/2092bd1fb108d2c59bd62e243b70ad98db961538\"\u003e\u003ccode\u003e2092bd1\u003c/code\u003e\u003c/a\u003e feature: braces: add maxSymbols (\u003ca href=\"https://github.com/micromatch/braces/issues/\"\u003ehttps://github.com/micromatch/braces/issues/\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3\"\u003e\u003ccode\u003e9f5b4cf\u003c/code\u003e\u003c/a\u003e fix: vulnerability (\u003ca href=\"https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727\"\u003ehttps://security.snyk.io/vuln/SNYK-JS-BRACES-6838727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/98414f9f1fabe021736e26836d8306d5de747e0d\"\u003e\u003ccode\u003e98414f9\u003c/code\u003e\u003c/a\u003e remove funding file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/665ab5d561c017a38ba7aafd92cc6655b91d8c14\"\u003e\u003ccode\u003e665ab5d\u003c/code\u003e\u003c/a\u003e update keepEscaping doc (\u003ca href=\"https://redirect.github.com/micromatch/braces/issues/27\"\u003e#27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/braces/compare/3.0.2...3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.2 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.2...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.6 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.6...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `form-data` from 4.0.0 to 4.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/releases\"\u003eform-data's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v4.0.3...v4.0.4\"\u003ev4.0.4\u003c/a\u003e - 2025-07-16\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/811f68282fab0315209d0e2d1c44b6c32ea0d479\"\u003e\u003ccode\u003e811f682\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23 \u003ca href=\"https://github.com/form-data/form-data/commit/1d11a76434d101f22fdb26b8aef8615f28b98402\"\u003e\u003ccode\u003e1d11a76\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values \u003ca href=\"https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0\"\u003e\u003ccode\u003e3d17230\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] fix linting errors \u003ca href=\"https://github.com/form-data/form-data/commit/5e340800b5f8914213e4e0378c084aae71cfd73a\"\u003e\u003ccode\u003e5e34080\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] actually ensure the readme backup isn’t published \u003ca href=\"https://github.com/form-data/form-data/commit/316c82ba93fd4985af757b771b9a1f26d3b709ef\"\u003e\u003ccode\u003e316c82b\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/58c25d76406a5b0dfdf54045cf252563f2bbda8d\"\u003e\u003ccode\u003e58c25d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix readme capitalization \u003ca href=\"https://github.com/form-data/form-data/commit/2300ca19595b0ee96431e868fe2a40db79e41c61\"\u003e\u003ccode\u003e2300ca1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.0.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v4.0.2...v4.0.3\"\u003ev4.0.3\u003c/a\u003e - 2025-06-05\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/577\"\u003e\u003ccode\u003e[#577](https://github.com/form-data/form-data/issues/577)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[eslint] use a shared config \u003ca href=\"https://github.com/form-data/form-data/commit/426ba9ac440f95d1998dac9a5cd8d738043b048f\"\u003e\u003ccode\u003e426ba9a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] fix some spacing issues \u003ca href=\"https://github.com/form-data/form-data/commit/20941917f0e9487e68c564ebc3157e23609e2939\"\u003e\u003ccode\u003e2094191\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003ehasown\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/81ab41b46fdf34f5d89d7ff30b513b0925febfaa\"\u003e\u003ccode\u003e81ab41b\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method \u003ca href=\"https://github.com/form-data/form-data/commit/8d8e4693093519f7f18e3c597d1e8df8c493de9e\"\u003e\u003ccode\u003e8d8e469\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add tests to check the behavior of \u003ccode\u003egetBoundary\u003c/code\u003e with non-strings \u003ca href=\"https://github.com/form-data/form-data/commit/837b8a1f7562bfb8bda74f3fc538adb7a5858995\"\u003e\u003ccode\u003e837b8a1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] remove unused deps \u003ca href=\"https://github.com/form-data/form-data/commit/870e4e665935e701bf983a051244ab928e62d58e\"\u003e\u003ccode\u003e870e4e6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] remove local commit hooks \u003ca href=\"https://github.com/form-data/form-data/commit/e6e83ccb545a5619ed6cd04f31d5c2f655eb633e\"\u003e\u003ccode\u003ee6e83cc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/4066fd6f65992b62fa324a6474a9292a4f88c916\"\u003e\u003ccode\u003e4066fd6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix scripts to use prepublishOnly \u003ca href=\"https://github.com/form-data/form-data/commit/c4bbb13c0ef669916657bc129341301b1d331d75\"\u003e\u003ccode\u003ec4bbb13\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v4.0.1...v4.0.2\"\u003ev4.0.2\u003c/a\u003e - 2025-02-14\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/573\"\u003e\u003ccode\u003e[#573](https://github.com/form-data/form-data/issues/573)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/573\"\u003e\u003ccode\u003e[#573](https://github.com/form-data/form-data/issues/573)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix (npmignore): ignore temporary build files \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/532\"\u003e\u003ccode\u003e[#532](https://github.com/form-data/form-data/issues/532)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix (npmignore): ignore temporary build files \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/532\"\u003e\u003ccode\u003e[#532](https://github.com/form-data/form-data/issues/532)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/573\"\u003e#573\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/396\"\u003e\u003ccode\u003e[#396](https://github.com/form-data/form-data/issues/396)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/573\"\u003e#573\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/396\"\u003e\u003ccode\u003e[#396](https://github.com/form-data/form-data/issues/396)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/396\"\u003e\u003ccode\u003e[#396](https://github.com/form-data/form-data/issues/396)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/blob/master/CHANGELOG.md\"\u003eform-data's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v4.0.4...v4.0.5\"\u003ev4.0.5\u003c/a\u003e - 2025-11-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] Switch to newer v8 prediction library; enable node 24 testing \u003ca href=\"https://github.com/form-data/form-data/commit/16e00765342106876f98a1c9703314006c9e937a\"\u003e\u003ccode\u003e16e0076\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/5822467f0ec21f6ad613c1c90856375e498793c7\"\u003e\u003ccode\u003e5822467\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] set Symbol.toStringTag in the proper place \u003ca href=\"https://github.com/form-data/form-data/commit/76d0dee43933b5e167f7f09e5d9cbbd1cf911a...\n\n_Description has been truncated_","html_url":"https://github.com/harsh-mahobia/latest-portfolio/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/harsh-mahobia%2Flatest-portfolio/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}],"issue_packages":[{"old_version":"10.1.1","new_version":"10.2.5","update_type":"minor","path":null,"pr_created_at":"2026-06-01T02:36:06.000Z","version_change":"10.1.1 → 10.2.5","issue":{"uuid":"4559914337","node_id":"PR_kwDOShUDyc7hMyRo","number":3,"state":"open","title":"chore(deps): bump the production-dependencies group across 1 directory with 24 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T02:36:06.000Z","updated_at":"2026-06-01T02:37:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"production-dependencies","update_count":24,"packages":[{"name":"@clack/prompts","old_version":"0.11.0","new_version":"1.5.0","repository_url":"https://github.com/bombshell-dev/clack"},{"name":"@floating-ui/dom","old_version":"1.7.4","new_version":"1.7.6","repository_url":"https://github.com/floating-ui/floating-ui"},{"name":"esbuild-sass-plugin","old_version":"3.6.0","new_version":"3.7.0","repository_url":"https://github.com/glromeo/esbuild-sass-plugin"},{"name":"flexsearch","old_version":"0.8.205","new_version":"0.8.212","repository_url":"https://github.com/nextapps-de/flexsearch"},{"name":"globby","old_version":"16.1.0","new_version":"16.2.0","repository_url":"https://github.com/sindresorhus/globby"},{"name":"js-yaml","old_version":"4.1.1","new_version":"4.2.0","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"lightningcss","old_version":"1.31.1","new_version":"1.32.0","repository_url":"https://github.com/parcel-bundler/lightningcss"},{"name":"minimatch","old_version":"10.1.1","new_version":"10.2.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"pixi.js","old_version":"8.15.0","new_version":"8.18.1","repository_url":"https://github.com/pixijs/pixijs"},{"name":"preact","old_version":"10.28.2","new_version":"10.29.2","repository_url":"https://github.com/preactjs/preact"},{"name":"preact-render-to-string","old_version":"6.6.5","new_version":"6.7.0","repository_url":"https://github.com/preactjs/preact-render-to-string"},{"name":"rehype-citation","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/timlrx/rehype-citation"},{"name":"rehype-pretty-code","old_version":"0.14.1","new_version":"0.14.3","repository_url":"https://github.com/rehype-pretty/rehype-pretty-code"},{"name":"satori","old_version":"0.19.1","new_version":"0.26.0","repository_url":"https://github.com/vercel/satori"},{"name":"serve-handler","old_version":"6.1.6","new_version":"6.1.7","repository_url":"https://github.com/vercel/serve-handler"},{"name":"shiki","old_version":"1.26.2","new_version":"4.1.0","repository_url":"https://github.com/shikijs/shiki"},{"name":"toml","old_version":"3.0.0","new_version":"4.1.1","repository_url":"https://github.com/BinaryMuse/toml-node"},{"name":"workerpool","old_version":"10.0.1","new_version":"10.0.2","repository_url":"https://github.com/josdejong/workerpool"},{"name":"ws","old_version":"8.19.0","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"@types/node","old_version":"25.0.10","new_version":"25.9.1","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"prettier","old_version":"3.8.1","new_version":"3.8.3","repository_url":"https://github.com/prettier/prettier"},{"name":"tsx","old_version":"4.21.0","new_version":"4.22.4","repository_url":"https://github.com/privatenumber/tsx"},{"name":"typescript","old_version":"5.9.3","new_version":"6.0.3","repository_url":"https://github.com/microsoft/TypeScript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the production-dependencies group with 23 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@clack/prompts](https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts) | `0.11.0` | `1.5.0` |\n| [@floating-ui/dom](https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom) | `1.7.4` | `1.7.6` |\n| [esbuild-sass-plugin](https://github.com/glromeo/esbuild-sass-plugin) | `3.6.0` | `3.7.0` |\n| [flexsearch](https://github.com/nextapps-de/flexsearch) | `0.8.205` | `0.8.212` |\n| [globby](https://github.com/sindresorhus/globby) | `16.1.0` | `16.2.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.2.0` |\n| [lightningcss](https://github.com/parcel-bundler/lightningcss) | `1.31.1` | `1.32.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `10.1.1` | `10.2.5` |\n| [pixi.js](https://github.com/pixijs/pixijs) | `8.15.0` | `8.18.1` |\n| [preact](https://github.com/preactjs/preact) | `10.28.2` | `10.29.2` |\n| [preact-render-to-string](https://github.com/preactjs/preact-render-to-string) | `6.6.5` | `6.7.0` |\n| [rehype-citation](https://github.com/timlrx/rehype-citation) | `2.3.1` | `2.3.2` |\n| [rehype-pretty-code](https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core) | `0.14.1` | `0.14.3` |\n| [satori](https://github.com/vercel/satori) | `0.19.1` | `0.26.0` |\n| [serve-handler](https://github.com/vercel/serve-handler) | `6.1.6` | `6.1.7` |\n| [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) | `1.26.2` | `4.1.0` |\n| [toml](https://github.com/BinaryMuse/toml-node) | `3.0.0` | `4.1.1` |\n| [workerpool](https://github.com/josdejong/workerpool) | `10.0.1` | `10.0.2` |\n| [ws](https://github.com/websockets/ws) | `8.19.0` | `8.21.0` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.0.10` | `25.9.1` |\n| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` |\n| [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.4` |\n| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |\n\n\nUpdates `@clack/prompts` from 0.11.0 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bombshell-dev/clack/releases\"\u003e@​clack/prompts's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​clack/prompts\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/543\"\u003e#543\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/florian-lefebvre\"\u003e\u003ccode\u003e@​florian-lefebvre\u003c/code\u003e\u003c/a\u003e! - Adds support for Standard Schema validation\u003c/p\u003e\n\u003cp\u003ePrompts accept an optional \u003ccode\u003evalidate()\u003c/code\u003e function to validate user input. While a function provides more flexibility and customization over your validation, it can be a bit verbose. To help solve this, there are libraries that provide schema-based validation to make shorthand and type-strict validation substantially easier.\u003c/p\u003e\n\u003cp\u003eLibraries following the \u003ca href=\"https://github.com/standard-schema/standard-schema\"\u003eStandard Schema specification\u003c/a\u003e are now natively supported. For example, using \u003ca href=\"https://arktype.io/\"\u003eArktype\u003c/a\u003e:\u003c/p\u003e\n\u003cpre lang=\"diff\"\u003e\u003ccode\u003eimport { text } from '@clack/prompts';\nimport { type } from 'arktype';\n\u003cp\u003econst name = await text({\nmessage: 'Enter your email',\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003evalidate: type('string.email').describe('Invalid email'),\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/542\"\u003e#542\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a\"\u003e\u003ccode\u003eadb6af9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003ebox\u003c/code\u003e, \u003ccode\u003egroup\u003c/code\u003e, and \u003ccode\u003egroup-multi-select\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/534\"\u003e#534\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/MattStypa\"\u003e\u003ccode\u003e@​MattStypa\u003c/code\u003e\u003c/a\u003e! - Fixed spaces and uppercase characters in multiline prompt\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/540\"\u003e#540\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad\"\u003e\u003ccode\u003e3170ed9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003eautocomplete\u003c/code\u003e, \u003ccode\u003econfirm\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e prompts\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​clack/prompts\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e284677e: Support scrolling and \u003ccode\u003emaxItems\u003c/code\u003e option for \u003ccode\u003egroupMultiselect\u003c/code\u003e, and removes indent when \u003ccode\u003ewithGuide\u003c/code\u003e is set to \u003ccode\u003efalse\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eaab46a2: docs: add jsdoc for \u003ccode\u003etext\u003c/code\u003e, \u003ccode\u003epassword\u003c/code\u003e, and \u003ccode\u003emultiline\u003c/code\u003e prompts\u003c/li\u003e\n\u003cli\u003e54be8d7: Fix line wrapping and overflow computation in group multi-select and other list-like prompts.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [54be8d7]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​clack/prompts\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eea5702e: fix: add engines field expressing node \u0026gt;=20.12 requirement\u003c/li\u003e\n\u003cli\u003e814ab9a: Add new multiline prompt for multi-line text input.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bombshell-dev/clack/blob/main/packages/prompts/CHANGELOG.md\"\u003e@​clack/prompts's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/543\"\u003e#543\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/florian-lefebvre\"\u003e\u003ccode\u003e@​florian-lefebvre\u003c/code\u003e\u003c/a\u003e! - Adds support for Standard Schema validation\u003c/p\u003e\n\u003cp\u003ePrompts accept an optional \u003ccode\u003evalidate()\u003c/code\u003e function to validate user input. While a function provides more flexibility and customization over your validation, it can be a bit verbose. To help solve this, there are libraries that provide schema-based validation to make shorthand and type-strict validation substantially easier.\u003c/p\u003e\n\u003cp\u003eLibraries following the \u003ca href=\"https://github.com/standard-schema/standard-schema\"\u003eStandard Schema specification\u003c/a\u003e are now natively supported. For example, using \u003ca href=\"https://arktype.io/\"\u003eArktype\u003c/a\u003e:\u003c/p\u003e\n\u003cpre lang=\"diff\"\u003e\u003ccode\u003eimport { text } from '@clack/prompts';\nimport { type } from 'arktype';\n\u003cp\u003econst name = await text({\nmessage: 'Enter your email',\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003evalidate: type('string.email').describe('Invalid email'),\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/542\"\u003e#542\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a\"\u003e\u003ccode\u003eadb6af9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003ebox\u003c/code\u003e, \u003ccode\u003egroup\u003c/code\u003e, and \u003ccode\u003egroup-multi-select\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/534\"\u003e#534\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/MattStypa\"\u003e\u003ccode\u003e@​MattStypa\u003c/code\u003e\u003c/a\u003e! - Fixed spaces and uppercase characters in multiline prompt\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/540\"\u003e#540\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad\"\u003e\u003ccode\u003e3170ed9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003eautocomplete\u003c/code\u003e, \u003ccode\u003econfirm\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e prompts\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.4.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e284677e: Support scrolling and \u003ccode\u003emaxItems\u003c/code\u003e option for \u003ccode\u003egroupMultiselect\u003c/code\u003e, and removes indent when \u003ccode\u003ewithGuide\u003c/code\u003e is set to \u003ccode\u003efalse\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eaab46a2: docs: add jsdoc for \u003ccode\u003etext\u003c/code\u003e, \u003ccode\u003epassword\u003c/code\u003e, and \u003ccode\u003emultiline\u003c/code\u003e prompts\u003c/li\u003e\n\u003cli\u003e54be8d7: Fix line wrapping and overflow computation in group multi-select and other list-like prompts.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [54be8d7]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.3.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eea5702e: fix: add engines field expressing node \u0026gt;=20.12 requirement\u003c/li\u003e\n\u003cli\u003e814ab9a: Add new multiline prompt for multi-line text input.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/030ba4d776e5985050c0e2712da7008bd93b8847\"\u003e\u003ccode\u003e030ba4d\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/539\"\u003e#539\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e feat: standard schema for validation (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a\"\u003e\u003ccode\u003eadb6af9\u003c/code\u003e\u003c/a\u003e docs: add jsdoc for \u003ccode\u003ebox\u003c/code\u003e, \u003ccode\u003egroup\u003c/code\u003e, and \u003ccode\u003egroup-multi-select\u003c/code\u003e (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/542\"\u003e#542\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad\"\u003e\u003ccode\u003e3170ed9\u003c/code\u003e\u003c/a\u003e docs: add jsdoc for \u003ccode\u003eautocomplete\u003c/code\u003e, \u003ccode\u003econfirm\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e prompts (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/540\"\u003e#540\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e fix: spaces and uppercase characters in multiline input (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/534\"\u003e#534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/fe2bcd278635fc0aaf2482ed0aea82d57ae1c421\"\u003e\u003ccode\u003efe2bcd2\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/aab46a2a7ed85627743bdbf0da30acc8b2ace385\"\u003e\u003ccode\u003eaab46a2\u003c/code\u003e\u003c/a\u003e docs: add jsdoc for \u003ccode\u003etext\u003c/code\u003e, \u003ccode\u003epassword\u003c/code\u003e, and \u003ccode\u003emultiline\u003c/code\u003e prompts (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/523\"\u003e#523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/54be8d7a75c952b2157e94a78f70d40fa2d5321e\"\u003e\u003ccode\u003e54be8d7\u003c/code\u003e\u003c/a\u003e fix: trim lines from correct end (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/532\"\u003e#532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/284677eaae0c461dafccfe1eb3e8c32fcebd6bbf\"\u003e\u003ccode\u003e284677e\u003c/code\u003e\u003c/a\u003e feat(prompts): support maxItems in groupMultiselect (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/528\"\u003e#528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/05bfd4353592016cf3f4c941f663fab84c14edb2\"\u003e\u003ccode\u003e05bfd43\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bombshell-dev/clack/commits/@clack/prompts@1.5.0/packages/prompts\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​clack/prompts\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@floating-ui/dom` from 1.7.4 to 1.7.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/floating-ui/floating-ui/releases\"\u003e@​floating-ui/dom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​floating-ui/dom\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.7.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(types): ensure \u003ccode\u003ePlatform\u003c/code\u003e type contains \u003ccode\u003edetectOverflow\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003eperf: bundle and runtime improvements\u003c/li\u003e\n\u003cli\u003efeat(autoUpdate): allow not passing a floating element\u003c/li\u003e\n\u003cli\u003eUpdate dependencies: \u003ccode\u003e@floating-ui/utils@0.2.11\u003c/code\u003e, \u003ccode\u003e@floating-ui/core@1.7.5\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/floating-ui/floating-ui/blob/master/packages/dom/CHANGELOG.md\"\u003e@​floating-ui/dom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.7.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(types): ensure \u003ccode\u003ePlatform\u003c/code\u003e type contains \u003ccode\u003edetectOverflow\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003eperf: bundle and runtime improvements\u003c/li\u003e\n\u003cli\u003efeat(autoUpdate): allow not passing a floating element\u003c/li\u003e\n\u003cli\u003eUpdate dependencies: \u003ccode\u003e@floating-ui/utils@0.2.11\u003c/code\u003e, \u003ccode\u003e@floating-ui/core@1.7.5\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.7.5\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate dependencies: \u003ccode\u003e@floating-ui/core@1.7.4\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/d8020ee98c702caa31fa9b4d929ca782c6b58c59\"\u003e\u003ccode\u003ed8020ee\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3445\"\u003e#3445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/6e63557c89af9b92f50635cdc993a4b7bbcd9345\"\u003e\u003ccode\u003e6e63557\u003c/code\u003e\u003c/a\u003e feat(autoUpdate): allow not passing a floating element (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3399\"\u003e#3399\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/473aa1e2ff22594ed782842d2d9e816a982188cc\"\u003e\u003ccode\u003e473aa1e\u003c/code\u003e\u003c/a\u003e perf: bundle and runtime improvements (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3448\"\u003e#3448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/a82e45f175bb1a518d3934d747c1b767f558d171\"\u003e\u003ccode\u003ea82e45f\u003c/code\u003e\u003c/a\u003e fix(utils): stop treating \u003ccode\u003econtainer-type\u003c/code\u003e as creating containing block (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3437\"\u003e#3437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/eedda374962cc3fd6c5add6b6cd54b0bea9baa60\"\u003e\u003ccode\u003eeedda37\u003c/code\u003e\u003c/a\u003e fix(types): ensure \u003ccode\u003ePlatform\u003c/code\u003e type includes \u003ccode\u003edetectOverflow\u003c/code\u003e type (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/b4d1407cbda07ef13bcac24ee0b3ac67216c9c57\"\u003e\u003ccode\u003eb4d1407\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3415\"\u003e#3415\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/floating-ui/floating-ui/commits/@floating-ui/dom@1.7.6/packages/dom\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​floating-ui/dom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild-sass-plugin` from 3.6.0 to 3.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/glromeo/esbuild-sass-plugin/releases\"\u003eesbuild-sass-plugin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.7.0 Hasta la vista\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/glromeo/esbuild-sass-plugin/commits/v3.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flexsearch` from 0.8.205 to 0.8.212\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nextapps-de/flexsearch/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `globby` from 16.1.0 to 16.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/globby/releases\"\u003eglobby's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/sindresorhus/globby?tab=readme-ov-file#globalgitignore\"\u003e\u003ccode\u003eglobalGitignore\u003c/code\u003e\u003c/a\u003e option  51555b2\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/globby/compare/v16.1.1...v16.2.0\"\u003ehttps://github.com/sindresorhus/globby/compare/v16.1.1...v16.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev16.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix negation patterns with absolute filesystem paths  72e9916\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/globby/compare/v16.1.0...v16.1.1\"\u003ehttps://github.com/sindresorhus/globby/compare/v16.1.0...v16.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/60e816778abd4fc805d8ce2e981567759b035504\"\u003e\u003ccode\u003e60e8167\u003c/code\u003e\u003c/a\u003e 16.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/51555b26d780002f2fe7b2aaddc45f36d8ad339d\"\u003e\u003ccode\u003e51555b2\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eglobalGitignore\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/8d946e288354c8ed87e7848e8a9f684c4b840f28\"\u003e\u003ccode\u003e8d946e2\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/ff45aa5140eaf6c9e6637fdbfa19ec23d55bd388\"\u003e\u003ccode\u003eff45aa5\u003c/code\u003e\u003c/a\u003e 16.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/72e991615df2da0ff3c12980ddfcdc60e4848f6f\"\u003e\u003ccode\u003e72e9916\u003c/code\u003e\u003c/a\u003e Fix negation patterns with absolute filesystem paths\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sindresorhus/globby/compare/v16.1.0...v16.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 4.1.1 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.2.0] - 2026-06-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003edocs/safety.md\u003c/code\u003e with notes about processing untrusted YAML.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003emaxDepth\u003c/code\u003e (100) loader option. Not a problem, but gives a better\nexception instead of RangeError on stack overflow.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003emaxMergeSeqLength\u003c/code\u003e (20) loader option. Not a problem after \u003ccode\u003emerge\u003c/code\u003e fix,\nbut an additional restriction for safety.\u003c/li\u003e\n\u003cli\u003eAdded sourcemaps to \u003ccode\u003edist/\u003c/code\u003e builds.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStop resolving numbers with underscores as numeric scalars, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/627\"\u003e#627\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSwitched dev toolchains to Vite / neostandard.\u003c/li\u003e\n\u003cli\u003eUpdated demo.\u003c/li\u003e\n\u003cli\u003eReorganized tests.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edist/\u003c/code\u003e files are no longer kept in the repository.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of properties on the first implicit block mapping key, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/62\"\u003e#62\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix trailing whitespace handling when folding flow scalar lines, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/307\"\u003e#307\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReject top-level block scalars without content indentation, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/280\"\u003e#280\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnsure numbers survive round-trip, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/737\"\u003e#737\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix test coverage for issue \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/221\"\u003e#221\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix flow scalar trailing whitespace folding, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/307\"\u003e#307\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix digits in YAML named tag handles.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential DoS via quadratic complexity in merge - deduplicate repeated\nelements (makes sense for malformed files \u0026gt; 10K).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lightningcss` from 1.31.1 to 1.32.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/parcel-bundler/lightningcss/releases\"\u003elightningcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.32.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/880\"\u003eEnable custom resolvers to mark imports as external\u003c/a\u003e. Resolvers may now return \u003ccode\u003e{external: string}\u003c/code\u003e to mark an import as external. This will leave the \u003ccode\u003e@import\u003c/code\u003e in the output CSS instead of bundling it. See \u003ca href=\"https://lightningcss.dev/bundling.html#custom-resolvers\"\u003ethe docs\u003c/a\u003e for details.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1170\"\u003eAllow visitors to add dependencies\u003c/a\u003e. Visitors may now be functions which receive an \u003ccode\u003eaddDependency\u003c/code\u003e function as an option. Dependencies may be used by tools that call Lightning CSS such as bundlers to implement file watching or caching. See \u003ca href=\"https://lightningcss.dev/transforms.html#dependencies\"\u003ethe docs\u003c/a\u003e for details.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1148\"\u003eAdd \u003ccode\u003emix-blend-mode\u003c/code\u003e property support\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1152\"\u003eOutput unknown \u003ccode\u003ecolor-scheme\u003c/code\u003e keywords as-is instead of \u003ccode\u003enormal\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1147\"\u003eImproved serialization of the rotate property\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1145\"\u003ekeep a single space between functions when formatting \u003ccode\u003etransform\u003c/code\u003e values\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1142\"\u003eFix additionally inserted whitespace in \u003ccode\u003evar(--foo,)\u003c/code\u003e and \u003ccode\u003eenv(--foo,)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1174\"\u003eConvert the percentage in the \u003ccode\u003escale\u003c/code\u003e property or \u003ccode\u003escale()\u003c/code\u003e to a number\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/parcel-bundler/lightningcss/commit/836741b5ecc4ae70289b2a26ce265df6c8486357\"\u003eupdate compat data\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/parcel-bundler/lightningcss/commits/v1.32.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 10.1.1 to 10.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/minimatch/blob/main/changelog.md\"\u003eminimatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003echange log\u003c/h1\u003e\n\u003ch2\u003e10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ebraceExpandMax\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003emagicalBraces\u003c/code\u003e option for \u003ccode\u003eescape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when \u003ccode\u003epartial: true\u003c/code\u003e is set.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when pattern ends in a final \u003ccode\u003e**\u003c/code\u003e path part.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire node 20 or 22 and higher\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo default export, only named exports.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRecursive descent parser for extglob, allowing correct support\nfor arbitrarily nested extglob expressions\u003c/li\u003e\n\u003cli\u003eBump required Node.js version\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eunescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eMinimatch.hasMagic()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for posix character classes in a unicode-aware way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ewindowsNoMagicRoot\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eoptimizationLevel\u003c/code\u003e configuration option, and revert the\ndefault back to the 6.2 style minimal optimizations, making the\nadvanced transforms introduced in 7.0 opt-in. Also, process\nprovided file paths in the same way in optimizationLevel:2\nmode, so \u003cem\u003emost\u003c/em\u003e things that matched with optimizationLevel 1 or\n0 \u003cem\u003eshould\u003c/em\u003e match with level 2 as well. However, level 1 is the\ndefault, out of an abundance of caution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/693c82377d0948401be4c6d3220c9a74132ab112\"\u003e\u003ccode\u003e693c823\u003c/code\u003e\u003c/a\u003e 10.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7953af1fac53267c05e362f036b70de898318faa\"\u003e\u003ccode\u003e7953af1\u003c/code\u003e\u003c/a\u003e do not allow .. to consume drive letter on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1caf91893b67586255c68e2e513b14ac66785a24\"\u003e\u003ccode\u003e1caf918\u003c/code\u003e\u003c/a\u003e lint and format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7783ed6670442acb4d455b9b164a1b2a33507a45\"\u003e\u003ccode\u003e7783ed6\u003c/code\u003e\u003c/a\u003e ignore docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/6d9b356cd59372de00e1d5f3b8907a3350b9b8e5\"\u003e\u003ccode\u003e6d9b356\u003c/code\u003e\u003c/a\u003e update deps etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/c36addb94e33f14254b9ca9017e63ae9c9d80d1d\"\u003e\u003ccode\u003ec36addb\u003c/code\u003e\u003c/a\u003e 10.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26b90027d5ad0c383b5253a4e45d6dc7da282db4\"\u003e\u003ccode\u003e26b9002\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/3a0d83b6f03a17ebc15361c2faa7110777042aab\"\u003e\u003ccode\u003e3a0d83b\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ea94840326c3f40522f1b544bd2303024b0eec35\"\u003e\u003ccode\u003eea94840\u003c/code\u003e\u003c/a\u003e 10.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0873fbabc00a86e09f4469386059a71abb136c93\"\u003e\u003ccode\u003e0873fba\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v10.1.1...v10.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pixi.js` from 8.15.0 to 8.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pixijs/pixijs/releases\"\u003epixi.js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.1\u003c/h2\u003e\n\u003ch2\u003e💾 Download\u003c/h2\u003e\n\u003cp\u003eInstallation:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003enpm install pixi.js@8.18.1\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eDevelopment Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProduction Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pixijs.download/v8.18.1/docs/index.html\"\u003ehttps://pixijs.download/v8.18.1/docs/index.html\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pixijs/pixijs/compare/v8.18.0...v8.18.1\"\u003ehttps://github.com/pixijs/pixijs/compare/v8.18.0...v8.18.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🐛 Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent error when using \u003ccode\u003eApplication.domContainerRoot\u003c/code\u003e in Node.js by \u003ca href=\"https://github.com/UlyssesZh\"\u003e\u003ccode\u003e@​UlyssesZh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pixijs/pixijs/pull/12017\"\u003epixijs/pixijs#12017\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003e💾 Download\u003c/h2\u003e\n\u003cp\u003eInstallation:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003enpm install pixi.js@8.18.0\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eDevelopment Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProduction Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pixijs.download/v8.18.0/docs/index.html\"\u003ehttps://pixijs.download/v8.18.0/docs/index.html\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pixijs/pixijs/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/pixijs/pixijs/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🚨 Behavior Change\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003etext.width\u003c/code\u003e and word wrap returning incorrect values by \u003ca href=\"https://github.com/Zyie\"\u003e\u003ccode\u003e@​Zyie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pixijs/pixijs/pull/12007\"\u003epixijs/pixijs#12007\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eText\u003c/code\u003e/\u003ccode\u003eHTMLText\u003c/code\u003e/\u003ccode\u003eBitmapText\u003c/code\u003e with \u003ccode\u003ewordWrap: true\u003c/code\u003e and non-left \u003ccode\u003ealign\u003c/code\u003e (\u003ccode\u003ecenter\u003c/code\u003e/\u003ccode\u003eright\u003c/code\u003e/\u003ccode\u003ejustify\u003c/code\u003e) now return the true rendered width from \u003ccode\u003etext.width\u003c/code\u003e instead of reporting \u003ccode\u003ewordWrapWidth\u003c/code\u003e. If you relied on \u003ccode\u003etext.width === wordWrapWidth\u003c/code\u003e for layout, use \u003ccode\u003ewordWrapWidth\u003c/code\u003e directly or wrap the text in a sized container.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/8f42bb760872ed6652775d00a4de448ac277e783\"\u003e\u003ccode\u003e8f42bb7\u003c/code\u003e\u003c/a\u003e v8.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/1947eb616e415af7fe9c0436239d93991d58d27f\"\u003e\u003ccode\u003e1947eb6\u003c/code\u003e\u003c/a\u003e fix: prevent error when using Application.domContainerRoot in Node.js (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12017\"\u003e#12017\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/2c5818b0e75b835ba5980844136b10cbdc3982a9\"\u003e\u003ccode\u003e2c5818b\u003c/code\u003e\u003c/a\u003e v8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/39d22791e09959d59bee5d90ed7ccb6db06d8c47\"\u003e\u003ccode\u003e39d2279\u003c/code\u003e\u003c/a\u003e chore: move \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e to production dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/1c1f19364f27508ab1cc9043e27ba15cf4741b3e\"\u003e\u003ccode\u003e1c1f193\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e to 0.8.12 (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12016\"\u003e#12016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/7a8f55c37f60ffe887ca318ac22d12331f733760\"\u003e\u003ccode\u003e7a8f55c\u003c/code\u003e\u003c/a\u003e feat: add graphicsContextToSvg() for Graphics → SVG export (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/11989\"\u003e#11989\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/16dad504f68bfee55987c6a2a3aef1d98f36f1f9\"\u003e\u003ccode\u003e16dad50\u003c/code\u003e\u003c/a\u003e fix: TilingSprite tilePosition divided by resolution when using Canvas render...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/5e4640bbc3e1a9d4cb0203f57d891da30f65d395\"\u003e\u003ccode\u003e5e4640b\u003c/code\u003e\u003c/a\u003e fix: SplitText baseline mismatch when tagStyles used with lineHeight (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12008\"\u003e#12008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/19b206cd41c86940dbfcc441367141108382eadb\"\u003e\u003ccode\u003e19b206c\u003c/code\u003e\u003c/a\u003e fix: move CanvasFilterSystem to filters module (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12014\"\u003e#12014\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/1b9b7d0c83f35ba05500dc81cbb2433962ca025a\"\u003e\u003ccode\u003e1b9b7d0\u003c/code\u003e\u003c/a\u003e fix: Handle literal \u003ccode\u003e\u0026lt;\u003c/code\u003e characters in parseTaggedText (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/11972\"\u003e#11972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pixijs/pixijs/compare/v8.15.0...v8.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `preact` from 10.28.2 to 10.29.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/preactjs/preact/releases\"\u003epreact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.29.2\u003c/h2\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix hydration when we have defaultValue or value on a textarea (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5081\"\u003e#5081\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMaintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CODEOWNERS for GitHub configuration (v10.x) (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5088\"\u003e#5088\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix trusted publishing workflow (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5084\"\u003e#5084\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrusted publishing (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5072\"\u003e#5072\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.29.1\u003c/h2\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCreate a unique event-clock for each Preact instance on a page. (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5068\"\u003e#5068\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incorrect DOM order with conditional ContextProvider and inner keys (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5067\"\u003e#5067\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMaintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Remove postinstall script for playwright setup (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5063\"\u003e#5063\u003c/a\u003e, thanks \u003ca href=\"https://github.com/rschristian\"\u003e\u003ccode\u003e@​rschristian\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: speed up tests by using playwright instead of webdriverio (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5060\"\u003e#5060\u003c/a\u003e, thanks \u003ca href=\"https://github.com/marvinhagemeister\"\u003e\u003ccode\u003e@​marvinhagemeister\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: migrate remaining .js -\u0026gt; .jsx files (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5059\"\u003e#5059\u003c/a\u003e, thanks \u003ca href=\"https://github.com/marvinhagemeister\"\u003e\u003ccode\u003e@​marvinhagemeister\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: rename \u003ccode\u003e.test.js\u003c/code\u003e -\u0026gt; \u003ccode\u003e.test.jsx\u003c/code\u003e when JSX is used (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5058\"\u003e#5058\u003c/a\u003e, thanks \u003ca href=\"https://github.com/marvinhagemeister\"\u003e\u003ccode\u003e@​marvinhagemeister\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate from biome to oxfmt (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5033\"\u003e#5033\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.29.0\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement flushSync (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5036\"\u003e#5036\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure we reset renderCount (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5017\"\u003e#5017\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eundefined prototype (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5041\"\u003e#5041\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePerformance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGolf down compat (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5025\"\u003e#5025\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.28.4\u003c/h2\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash where a synchronous effect render unmounts the tree (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5026\"\u003e#5026\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePerformance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCore size optimizations (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5022\"\u003e#5022\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHooks size optimizations (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5021\"\u003e#5021\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake oldProps diffing more compact (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5004\"\u003e#5004\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5019\"\u003e#5019\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCompat size optimizations (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5020\"\u003e#5020\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/fce6ed7a6d5f2c7333d9c26fb09f5bb9e929a737\"\u003e\u003ccode\u003efce6ed7\u003c/code\u003e\u003c/a\u003e 10.29.2 (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5091\"\u003e#5091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/84581d0b9bcc8788058fa171f437445471fc0f9f\"\u003e\u003ccode\u003e84581d0\u003c/code\u003e\u003c/a\u003e Fix buggy edge case (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5090\"\u003e#5090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/5a39554bbde4f7768e2537f19896e3ea7cbb592b\"\u003e\u003ccode\u003e5a39554\u003c/code\u003e\u003c/a\u003e Add CODEOWNERS for GitHub configuration (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5088\"\u003e#5088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/562e0f510bb98ccc73d0fea4e8c1339a3cb1da07\"\u003e\u003ccode\u003e562e0f5\u003c/code\u003e\u003c/a\u003e Fix trusted publishing workflow (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5084\"\u003e#5084\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/3a012555a9cd572fb85016c915ac61aecded51b7\"\u003e\u003ccode\u003e3a01255\u003c/code\u003e\u003c/a\u003e Trusted publishing (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5072\"\u003e#5072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/cae8d3a4a6695809e287ec7fddd992db377a1234\"\u003e\u003ccode\u003ecae8d3a\u003c/code\u003e\u003c/a\u003e Fix migrations when we have defaultValue or value on a textarea (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5081\"\u003e#5081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/4dc9b508dd37544b858bfa52d28e12d219effdbb\"\u003e\u003ccode\u003e4dc9b50\u003c/code\u003e\u003c/a\u003e 10.29.1 (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5071\"\u003e#5071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/0560f9aa1eb7f329033eca51b4c50ade5fb8396e\"\u003e\u003ccode\u003e0560f9a\u003c/code\u003e\u003c/a\u003e Create a unique event-clock for each Preact instance on a page. (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5068\"\u003e#5068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/cda06de806a3244c3dd318dfc2b4c7bf2aca6a9a\"\u003e\u003ccode\u003ecda06de\u003c/code\u003e\u003c/a\u003e Fix incorrect DOM order with conditional ContextProvider and inner keys (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/506\"\u003e#506\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/c859700e53196465607b2a351a2133b1a4d8834a\"\u003e\u003ccode\u003ec859700\u003c/code\u003e\u003c/a\u003e fix: Remove postinstall script for playwright setup (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5063\"\u003e#5063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/preactjs/preact/compare/10.28.2...10.29.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for preact since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `preact-render-to-string` from 6.6.5 to 6.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/preactjs/preact-render-to-string/releases\"\u003epreact-render-to-string's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/450\"\u003e#450\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/dbc692fd60a9187174491a085d60e635560cb8c6\"\u003e\u003ccode\u003edbc692f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Adjust the comment-marker for streaming to be the same as renderToStringAsync where we use \\$s\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/461\"\u003e#461\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/e32a4cd8e7cb06d906a8854616d109c2d2a0189f\"\u003e\u003ccode\u003ee32a4cd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Reject unsafe namespaced attribute names before normalizing SVG/XML attribute casing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.6.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/457\"\u003e#457\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/ce6ef7153113af70c32ee952d0fbce01e0115de4\"\u003e\u003ccode\u003ece6ef71\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/lemonmade\"\u003e\u003ccode\u003e@​lemonmade\u003c/code\u003e\u003c/a\u003e! - fix: renderToStringAsync produces commas for suspended components with complex children\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.6.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/446\"\u003e#446\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/b7b288c68ed8c97ed8eb6c26929111debdc03435\"\u003e\u003ccode\u003eb7b288c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Fix issues regarding streaming full HTML documents\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/preactjs/preact-render-to-string/blob/main/CHANGELOG.md\"\u003epreact-render-to-string's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/450\"\u003e#450\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/dbc692fd60a9187174491a085d60e635560cb8c6\"\u003e\u003ccode\u003edbc692f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Adjust the comment-marker for streaming to be the same as renderToStringAsync where we use $s\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/461\"\u003e#461\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/e32a4cd8e7cb06d906a8854616d109c2d2a0189f\"\u003e\u003ccode\u003ee32a4cd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Reject unsafe namespaced attribute names before normalizing SVG/XML attribute casing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.6.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/457\"\u003e#457\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/ce6ef7153113af70c32ee952d0fbce01e0115de4\"\u003e\u003ccode\u003ece6ef71\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/lemonmade\"\u003e\u003ccode\u003e@​lemonmade\u003c/code\u003e\u003c/a\u003e! - fix: renderToStringAsync produces commas for suspended components with complex children\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.6.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/446\"\u003e#446\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/b7b288c68ed8c97ed8eb6c26929111debdc03435\"\u003e\u003ccode\u003eb7b288c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Fix issues regarding streaming full HTML documents\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/eb871c8e808ed94bcd95824b10048683d4ccb358\"\u003e\u003ccode\u003eeb871c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/460\"\u003e#460\u003c/a\u003e from preactjs/changeset-release/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/b22fc16c3aa8efcd15e33f01b2e9acfd4500f3be\"\u003e\u003ccode\u003eb22fc16\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/833043bc3463c81094464f3143fab3469e2e1052\"\u003e\u003ccode\u003e833043b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/461\"\u003e#461\u003c/a\u003e from preactjs/fix-link\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/e32a4cd8e7cb06d906a8854616d109c2d2a0189f\"\u003e\u003ccode\u003ee32a4cd\u003c/code\u003e\u003c/a\u003e Reject namespaced attribute\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/990307a99cace84c67bd7520a6bd32cffa9ad219\"\u003e\u003ccode\u003e990307a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/458\"\u003e#458\u003c/a\u003e from preactjs/changesets-based-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/bcd3b0b1618dc825a37aef2f8f2052a4b10c8345\"\u003e\u003ccode\u003ebcd3b0b\u003c/code\u003e\u003c/a\u003e Pin npm in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/950a59f11fd0c392890332401f2deb16cdd8b012\"\u003e\u003ccode\u003e950a59f\u003c/code\u003e\u003c/a\u003e Add changesets based publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/797a662aa267c917fcb446cd92129066db682b6e\"\u003e\u003ccode\u003e797a662\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/450\"\u003e#450\u003c/a\u003e from preactjs/id-adjustements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/df713c5a475baf34b26a77a6c1f00ad078d73a68\"\u003e\u003ccode\u003edf713c5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/454\"\u003e#454\u003c/a\u003e from preactjs/changeset-release/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/39da545985de82cac948cdb52081e52bf76591f5\"\u003e\u003ccode\u003e39da545\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/preactjs/preact-render-to-string/compare/v6.6.5...v6.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rehype-citation` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/timlrx/rehype-citation/releases\"\u003erehype-citation's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/timlrx\"\u003e\u003ccode\u003e@​timlrx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/pull/60\"\u003etimlrx/rehype-citation#60\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update ci and netlify node version by \u003ca href=\"https://github.com/timlrx\"\u003e\u003ccode\u003e@​timlrx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/pull/61\"\u003etimlrx/rehype-citation#61\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: footnote typing by \u003ca href=\"https://github.com/timlrx\"\u003e\u003ccode\u003e@​timlrx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/pull/62\"\u003etimlrx/rehype-citation#62\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/timlrx/rehype-citation/compare/v2.3.1...v2.3.2\"\u003ehttps://github.com/timlrx/rehype-citation/compare/v2.3.1...v2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/19a9f4dfb9815fc16d0df53aa93a8b2a954ef3ba\"\u003e\u003ccode\u003e19a9f4d\u003c/code\u003e\u003c/a\u003e 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/d785742ee34ae15c4562309623567b4e5e4fb639\"\u003e\u003ccode\u003ed785742\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/issues/62\"\u003e#62\u003c/a\u003e from timlrx/fix-footnote-type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/dbfce4828e1c991fd5645908aff7aba5aef54ff2\"\u003e\u003ccode\u003edbfce48\u003c/code\u003e\u003c/a\u003e fix: footnote typing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/b3d64a086836f998de5801b42952738be7d38128\"\u003e\u003ccode\u003eb3d64a0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/issues/61\"\u003e#61\u003c/a\u003e from timlrx/update-ci-node-version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/21e59f74581be2d9c82ca7a0789f2c24fa9bda50\"\u003e\u003ccode\u003e21e59f7\u003c/code\u003e\u003c/a\u003e chore: update netlify node version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/eceb790b3886da8502a6e0e33f40b5be44ca9931\"\u003e\u003ccode\u003eeceb790\u003c/code\u003e\u003c/a\u003e chore: update ci node version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/a86aec612e8da9756fcc562c137cdc6cd289f9a7\"\u003e\u003ccode\u003ea86aec6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/issues/60\"\u003e#60\u003c/a\u003e from timlrx/update-dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/17966586b5fceef9a6a6c5804e02ff7c1107b0c9\"\u003e\u003ccode\u003e1796658\u003c/code\u003e\u003c/a\u003e chore: update to tailwind v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/6bcf5a58967b050862287f2d9b81a56b35146952\"\u003e\u003ccode\u003e6bcf5a5\u003c/code\u003e\u003c/a\u003e chore: sync changes from citation-js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/67a76f2054a5ce3db6e139569f0262a6248e28a9\"\u003e\u003ccode\u003e67a76f2\u003c/code\u003e\u003c/a\u003e chore: update outdated link\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/timlrx/rehype-citation/compare/v2.3.1...v2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rehype-pretty-code` from 0.14.1 to 0.14.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/releases\"\u003erehype-pretty-code's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erehype-pretty-code@0.14.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Shiki 4\u003c/li\u003e\n\u003cli\u003echore: fix npm OIDC trusted publishing workflow\u003c/li\u003e\n\u003cli\u003edocs: update docs with renamed shiki function: \u003ccode\u003egetHighlighter\u003c/code\u003e -\u0026gt; \u003ccode\u003ecreateHighlighter\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/blob/master/packages/core/CHANGELOG.md\"\u003erehype-pretty-code's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.14.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: fix npm OIDC trusted publishing workflow\u003c/li\u003e\n\u003cli\u003edocs: update docs with renamed shiki function: \u003ccode\u003egetHighlighter\u003c/code\u003e -\u0026gt; \u003ccode\u003ecreateHighlighter\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.14.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Shiki 4\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commit/8c3530faea43a7e23ed5e301024d2860970e9594\"\u003e\u003ccode\u003e8c3530f\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commit/9b53bd13bd7d4c878e9151f5151c5923757889ae\"\u003e\u003ccode\u003e9b53bd1\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commit/d14e99613309c386116d26f8f815ffd682e1ed46\"\u003e\u003ccode\u003ed14e996\u003c/code\u003e\u003c/a\u003e Support Shiki 4 (\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commits/rehype-pretty-code@0.14.3/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for rehype-pretty-code since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `satori` from 0.19.1 to 0.26.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/satori/releases\"\u003esatori's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.26.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.25.0...0.26.0\"\u003e0.26.0\u003c/a\u003e (2026-03-20)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuiltin minimal JSX runtime (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/737\"\u003e#737\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/eab60eeecca1bcefc95d69a674f20f572155fe26\"\u003eeab60ee\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.25.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.24.1...0.25.0\"\u003e0.25.0\u003c/a\u003e (2026-03-05)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCSS variables (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/736\"\u003e#736\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/d2469131e1e42c0c599c3be108ba9b500cc99ca0\"\u003ed246913\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.24.0...0.24.1\"\u003e0.24.1\u003c/a\u003e (2026-03-03)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsistent text positioning when embedFont is false (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/723\"\u003e#723\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/dc07b7002bdc5b6f1915149c5510ff79b4587816\"\u003edc07b70\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.23.0...0.24.0\"\u003e0.24.0\u003c/a\u003e (2026-03-03)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved object-position support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/734\"\u003e#734\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/9377f705f6511fadf8fb01dbbda960fe7b2732ab\"\u003e9377f70\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.23.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.22.0...0.23.0\"\u003e0.23.0\u003c/a\u003e (2026-03-03)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd text-indent support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/733\"\u003e#733\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/2b7e8255c8c368df1ec61d050ccf3ffc7d0b47ff\"\u003e2b7e825\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.22.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.21.0...0.22.0\"\u003e0.22.0\u003c/a\u003e (2026-03-03)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for object-fit \u003ccode\u003efill\u003c/code\u003e and \u003ccode\u003escale-down\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/732\"\u003e#732\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/453fd917b137a16f3cf514017e262c7e53527e5f\"\u003e453fd91\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.21.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.20.0...0.21.0\"\u003e0.21.0\u003c/a\u003e (2026-03-02)\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/eab60eeecca1bcefc95d69a674f20f572155fe26\"\u003e\u003ccode\u003eeab60ee\u003c/code\u003e\u003c/a\u003e feat: builtin minimal JSX runtime (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/737\"\u003e#737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/d2469131e1e42c0c599c3be108ba9b500cc99ca0\"\u003e\u003ccode\u003ed246913\u003c/code\u003e\u003c/a\u003e feat: CSS variables (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/736\"\u003e#736\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/dc07b7002bdc5b6f1915149c5510ff79b4587816\"\u003e\u003ccode\u003edc07b70\u003c/code\u003e\u003c/a\u003e fix: Consistent text positioning when embedFont is false (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/723\"\u003e#723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/54a749b3326e3b43d2d81149679d832c9d47f9dc\"\u003e\u003ccode\u003e54a749b\u003c/code\u003e\u003c/a\u003e chore: export InitInput and allow Promise (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/9377f705f6511fadf8fb01dbbda960fe7b2732ab\"\u003e\u003ccode\u003e9377f70\u003c/code\u003e\u003c/a\u003e feat: Improved object-position support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/734\"\u003e#734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/2b7e8255c8c368df1ec61d050ccf3ffc7d0b47ff\"\u003e\u003ccode\u003e2b7e825\u003c/code\u003e\u003c/a\u003e feat: Add text-indent support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/733\"\u003e#733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/453fd917b137a16f3cf514017e262c7e53527e5f\"\u003e\u003ccode\u003e453fd91\u003c/code\u003e\u003c/a\u003e feat: Support for object-fit \u003ccode\u003efill\u003c/code\u003e and \u003ccode\u003escale-down\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/732\"\u003e#732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/c8dd6f5cc16085df1fdcf5711562439f3e26d0de\"\u003e\u003ccode\u003ec8dd6f5\u003c/code\u003e\u003c/a\u003e chore: Add more tests (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/c1087d63970e9798450bb974f35f1af526ce294d\"\u003e\u003ccode\u003ec1087d6\u003c/code\u003e\u003c/a\u003e chore: Update benchmark code (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/730\"\u003e#730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/4e761c6b9fdf2959cf2a0292c9d1235154f070b6\"\u003e\u003ccode\u003e4e761c6\u003c/code\u003e\u003c/a\u003e feat: 10% perf improvements in the core lib (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/729\"\u003e#729\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/satori/compare/0.19.1...0.26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `serve-handler` from 6.1.6 to 6.1.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/serve-handler/releases\"\u003eserve-handler's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.1.7\u003c/h2\u003e\n\u003ch3\u003ePatches\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix: update minimatch to 3.1.5 to resolve security vulnerabilities: \u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/228\"\u003e#228\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/ParakhJaggi\"\u003e\u003ccode\u003e@​ParakhJaggi\u003c/code\u003e\u003c/a\u003e  for helping!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/5158ae776863f0d597187e11260d963e7a78c6a0\"\u003e\u003ccode\u003e5158ae7\u003c/code\u003e\u003c/a\u003e 6.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/754d1dcb5bb6dbd164667368be5e1b1278f1da60\"\u003e\u003ccode\u003e754d1dc\u003c/code\u003e\u003c/a\u003e fix: update minimatch to 3.1.5 to resolve security vulnerabilities (\u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/228\"\u003e#228\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/8b357fad752db5e9439e92513286970f68ed953e\"\u003e\u003ccode\u003e8b357fa\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;chore(deps): upgrade minimatch to v10.2.4 (\u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/226\"\u003e#226\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/8df54ef09a5497641403cd4a888525a4831f4208\"\u003e\u003ccode\u003e8df54ef\u003c/code\u003e\u003c/a\u003e chore(deps): upgrade minimatch to v10.2.4 (\u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vercel/serve-handler/compare/6.1.6...6.1.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shiki` from 1.26.2 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shikijs/shiki/releases\"\u003eshiki's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003etwoslash\u003c/strong\u003e: Forward \u003ccode\u003etsModule\u003c/code\u003e to \u003ccode\u003ecreateTwoslasher\u003c/code\u003e  -  by \u003ca href=\"https://github.com/arthurfiorette\"\u003e\u003ccode\u003e@​arthurfiorette\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1271\"\u003eshikijs/shiki#1271\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/be89afcf\"\u003e\u003c!-- raw HTML omitted --\u003e(be89a)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v4.0.2...v4.1.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.0.2\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport ANSI language with multiple themes  -  by \u003ca href=\"https://github.com/dan-lee\"\u003e\u003ccode\u003e@​dan-lee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1259\"\u003eshikijs/shiki#1259\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/2a232309\"\u003e\u003c!-- raw HTML omitted --\u003e(2a232)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v4.0.1...v4.0.2\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.0.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTry fix dts bundle, thanks \u003ca href=\"https://github.com/sxzz\"\u003e\u003ccode\u003e@​sxzz\u003c/code\u003e\u003c/a\u003e  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/1f26cb1c\"\u003e\u003c!-- raw HTML omitted --\u003e(1f26c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v4.0.0...v4.0.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch3\u003e   🚨 Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop Node v18 support, remove deprecated APIs  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1249\"\u003eshikijs/shiki#1249\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/cdca9945\"\u003e\u003c!-- raw HTML omitted --\u003e(cdca9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA leaner \u003ccode\u003e@shikijs/primitive\u003c/code\u003e package  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1251\"\u003eshikijs/shiki#1251\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/05a77f1b\"\u003e\u003c!-- raw HTML omitted --\u003e(05a77)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNew \u003ccode\u003e@shikijs/markdown-exit\u003c/code\u003e package  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/d1257c25\"\u003e\u003c!-- raw HTML omitted --\u003e(d1257)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v3.23.0...v4.0.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.23.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate grammar and themes  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/9b4cacac\"\u003e\u003c!-- raw HTML omitted --\u003e(9b4ca)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd stdin support and list commands  -  by \u003ca href=\"https://github.com/Divyapahuja31\"\u003e\u003ccode\u003e@​Divyapahuja31\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eDIVYA PAHUJA\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1241\"\u003eshikijs/shiki#1241\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/213f19bf\"\u003e\u003c!-- raw HTML omitted --\u003e(213f1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransformers\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd 'leading' position to transformerRenderWhitespace  -  by \u003ca href=\"https://github.com/Divyapahuja31\"\u003e\u003ccode\u003e@​Divyapahuja31\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eDIVYA PAHUJA\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1236\"\u003eshikijs/shiki#1236\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/49cbb761\"\u003e\u003c!-- raw HTML omitted --\u003e(49cbb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for [!code info] notation  -  by \u003ca href=\"https://github.com/Divyapahuja31\"\u003e\u003ccode\u003e@​Divyapahuja31\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eDIVYA PAHUJA\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1237\"\u003eshikijs/shiki#1237\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/cd2a6d94\"\u003e\u003c!-- raw HTML omitted --\u003e(cd2a6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003edeclare\u003c/code\u003e modifier to top level declarations in \u003ccode\u003e.d.ts\u003c/code\u003e  -  by \u003ca href=\"https://github.com/KazariEX\"\u003e\u003ccode\u003e@​KazariEX\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1242\"\u003eshikijs/shiki#1242\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/142d55c3\"\u003e\u003c!-- raw HTML omitted --\u003e(142d5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli\u003c/strong\u003e: Normalize language/extension casing for CLI inputs  -  b...\n\n_Description has been truncated_","html_url":"https://github.com/soulcruzer/soulcruzer/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/soulcruzer%2Fsoulcruzer/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"5.1.2","new_version":"10.2.5","update_type":"major","path":null,"pr_created_at":"2026-06-01T01:12:51.000Z","version_change":"5.1.2 → 10.2.5","issue":{"uuid":"4559646532","node_id":"PR_kwDOJGOvU87hL8m3","number":42,"state":"open","title":"Bump the actions-deps group across 1 directory with 11 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-06-01T01:12:51.000Z","updated_at":"2026-06-01T01:12:52.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"actions-deps","update_count":11,"packages":[{"name":"@actions/core","old_version":"3.0.0","new_version":"3.0.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@actions/github","old_version":"9.0.0","new_version":"9.1.1","repository_url":"https://github.com/actions/toolkit"},{"name":"js-yaml","old_version":"4.1.1","new_version":"4.2.0","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"minimatch","old_version":"5.1.2","new_version":"10.2.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"zod","old_version":"4.3.6","new_version":"4.4.3","repository_url":"https://github.com/colinhacks/zod"},{"name":"@types/minimatch","old_version":"5.1.2","new_version":"6.0.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@types/node","old_version":"25.2.3","new_version":"25.9.1","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"jest","old_version":"30.2.0","new_version":"30.4.2","repository_url":"https://github.com/jestjs/jest"},{"name":"prettier","old_version":"3.8.1","new_version":"3.8.3","repository_url":"https://github.com/prettier/prettier"},{"name":"ts-jest","old_version":"29.4.6","new_version":"29.4.11","repository_url":"https://github.com/kulshekhar/ts-jest"},{"name":"typescript","old_version":"5.9.3","new_version":"6.0.3","repository_url":"https://github.com/microsoft/TypeScript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the actions-deps group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `3.0.0` | `3.0.1` |\n| [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) | `9.0.0` | `9.1.1` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.1` | `4.2.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.2` | `10.2.5` |\n| [zod](https://github.com/colinhacks/zod) | `4.3.6` | `4.4.3` |\n| [@types/minimatch](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/minimatch) | `5.1.2` | `6.0.0` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.2.3` | `25.9.1` |\n| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.2.0` | `30.4.2` |\n| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` |\n| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.6` | `29.4.11` |\n| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |\n\n\nUpdates `@actions/core` from 3.0.0 to 3.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md\"\u003e@​actions/core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2348\"\u003e#2348\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/github` from 9.0.0 to 9.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md\"\u003e@​actions/github's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e9.1.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2346\"\u003e#2346\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e9.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAppend \u003ccode\u003eactions_orchestration_id\u003c/code\u003e to user-agent when the \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is set \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2364\"\u003e#2364\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/github\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 4.1.1 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.2.0] - 2026-06-01\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003edocs/safety.md\u003c/code\u003e with notes about processing untrusted YAML.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003emaxDepth\u003c/code\u003e (100) loader option. Not a problem, but gives a better\nexception instead of RangeError on stack overflow.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003emaxMergeSeqLength\u003c/code\u003e (20) loader option. Not a problem after \u003ccode\u003emerge\u003c/code\u003e fix,\nbut an additional restriction for safety.\u003c/li\u003e\n\u003cli\u003eAdded sourcemaps to \u003ccode\u003edist/\u003c/code\u003e builds.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eStop resolving numbers with underscores as numeric scalars, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/627\"\u003e#627\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSwitched dev toolchains to Vite / neostandard.\u003c/li\u003e\n\u003cli\u003eUpdated demo.\u003c/li\u003e\n\u003cli\u003eReorganized tests.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edist/\u003c/code\u003e files are no longer kept in the repository.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix parsing of properties on the first implicit block mapping key, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/62\"\u003e#62\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix trailing whitespace handling when folding flow scalar lines, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/307\"\u003e#307\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eReject top-level block scalars without content indentation, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/280\"\u003e#280\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eEnsure numbers survive round-trip, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/737\"\u003e#737\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix test coverage for issue \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/221\"\u003e#221\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix flow scalar trailing whitespace folding, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/307\"\u003e#307\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eFix digits in YAML named tag handles.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix potential DoS via quadratic complexity in merge - deduplicate repeated\nelements (makes sense for malformed files \u0026gt; 10K).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.2 to 10.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/minimatch/blob/main/changelog.md\"\u003eminimatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003echange log\u003c/h1\u003e\n\u003ch2\u003e10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ebraceExpandMax\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003emagicalBraces\u003c/code\u003e option for \u003ccode\u003eescape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when \u003ccode\u003epartial: true\u003c/code\u003e is set.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when pattern ends in a final \u003ccode\u003e**\u003c/code\u003e path part.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire node 20 or 22 and higher\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo default export, only named exports.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRecursive descent parser for extglob, allowing correct support\nfor arbitrarily nested extglob expressions\u003c/li\u003e\n\u003cli\u003eBump required Node.js version\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eunescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eMinimatch.hasMagic()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for posix character classes in a unicode-aware way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ewindowsNoMagicRoot\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eoptimizationLevel\u003c/code\u003e configuration option, and revert the\ndefault back to the 6.2 style minimal optimizations, making the\nadvanced transforms introduced in 7.0 opt-in. Also, process\nprovided file paths in the same way in optimizationLevel:2\nmode, so \u003cem\u003emost\u003c/em\u003e things that matched with optimizationLevel 1 or\n0 \u003cem\u003eshould\u003c/em\u003e match with level 2 as well. However, level 1 is the\ndefault, out of an abundance of caution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/693c82377d0948401be4c6d3220c9a74132ab112\"\u003e\u003ccode\u003e693c823\u003c/code\u003e\u003c/a\u003e 10.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7953af1fac53267c05e362f036b70de898318faa\"\u003e\u003ccode\u003e7953af1\u003c/code\u003e\u003c/a\u003e do not allow .. to consume drive letter on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1caf91893b67586255c68e2e513b14ac66785a24\"\u003e\u003ccode\u003e1caf918\u003c/code\u003e\u003c/a\u003e lint and format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7783ed6670442acb4d455b9b164a1b2a33507a45\"\u003e\u003ccode\u003e7783ed6\u003c/code\u003e\u003c/a\u003e ignore docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/6d9b356cd59372de00e1d5f3b8907a3350b9b8e5\"\u003e\u003ccode\u003e6d9b356\u003c/code\u003e\u003c/a\u003e update deps etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/c36addb94e33f14254b9ca9017e63ae9c9d80d1d\"\u003e\u003ccode\u003ec36addb\u003c/code\u003e\u003c/a\u003e 10.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26b90027d5ad0c383b5253a4e45d6dc7da282db4\"\u003e\u003ccode\u003e26b9002\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/3a0d83b6f03a17ebc15361c2faa7110777042aab\"\u003e\u003ccode\u003e3a0d83b\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ea94840326c3f40522f1b544bd2303024b0eec35\"\u003e\u003ccode\u003eea94840\u003c/code\u003e\u003c/a\u003e 10.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0873fbabc00a86e09f4469386059a71abb136c93\"\u003e\u003ccode\u003e0873fba\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v5.1.2...v10.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zod` from 4.3.6 to 4.4.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/colinhacks/zod/releases\"\u003ezod's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.4.3\u003c/h2\u003e\n\u003ch2\u003eCommits:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e4c2fa95ce3f3390fbc522324e406b4e9e89b88f9 docs: use Zernio primary wordmark for gold sponsor logo\u003c/li\u003e\n\u003cli\u003e2aeec83eb135e3a83756e973ef44845fc5a455d2 docs: prune lapsed gold sponsors and rebalance logo sizing\u003c/li\u003e\n\u003cli\u003e7391be88ac1ee5cd02057f5ccc012a1f5df4efd0 docs: prune lapsed silver/bronze sponsors and add active ones\u003c/li\u003e\n\u003cli\u003e2c703322a21b4e2b12f33f49ea8430c451a68b4f docs: normalize bronze sponsor logos to github avatar pattern\u003c/li\u003e\n\u003cli\u003e9195250cab0e7950efe39c3926d6c203b4b0a170 docs: remove Mintlify from bronze sponsors (churned)\u003c/li\u003e\n\u003cli\u003eb8dffe9e62f17e6571e6249d05cc5102b54d94e4 docs: remove Numeric and Speakeasy (2+ missed monthly cycles)\u003c/li\u003e\n\u003cli\u003e1cab69383fcdeae2a366d5e2a2fc4d8fc765d168 fix(v4): restore catch handling for absent object keys (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5937\"\u003e#5937\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5939\"\u003e#5939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec2be4f819064eed62c7c350a2d399b5faecd15f8 fix(v4): generalize optin/fallback to transform; restore preprocess on absent keys (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5941\"\u003e#5941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ef3c9ec03ba7a28ae72d25cc295f38674bee0f559 4.4.3\u003c/li\u003e\n\u003cli\u003e1fb56a5c18c27102dbc92260a4007c7732a0ccca docs: document release procedure in AGENTS.md\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.4.2\u003c/h2\u003e\n\u003ch2\u003eCommits:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e0c62df0ea19fd05abdf90473e9eef7eea530fab2 Clean up docs navigation and stale labels (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5901\"\u003e#5901\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e20cc794895cc8604fe0c87d83a5d1c3f89fad0ac chore: add security policy and refresh tooling deps\u003c/li\u003e\n\u003cli\u003e6fbe07b0177efdd1bf1c0b05160e70d7a0702337 fix(docs): heading anchor links now include the hash so it doesnt scoll all the way up, follows navbar logic (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5791\"\u003e#5791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e4bbed1b1c73eca4ce9e59b1189ed236aa6c8b5bd Tighten discriminated union option typing\u003c/li\u003e\n\u003cli\u003ebbac3e567e7fccfaaf7cdc97f1ce30c295e2c908 Update PR guidance for agents\u003c/li\u003e\n\u003cli\u003ecf0dc942a32805c292fff59ade20a7ace980735a Merge remote-tracking branch 'origin/main' into fix-discriminated-union-key-constraint\u003c/li\u003e\n\u003cli\u003e292c894a5fd2aa42e527900b83d8d7a3009a709c docs: add Zernio gold sponsor\u003c/li\u003e\n\u003cli\u003e1fc9f311c28dcf80d0bb5a36b177086cbc3d8eca docs: document codec inversion\u003c/li\u003e\n\u003cli\u003e1373c85da9aeff704a9762d27bc58699618aefb7 docs: remove AI disclosure guidance\u003c/li\u003e\n\u003cli\u003ee20d02b473c08e3a4e557bc610b1b5fac079b649 chore: ignore triage notes\u003c/li\u003e\n\u003cli\u003ee58ea4d91b1dfe8194b73508203213cbc7e9c936 docs: test Zod Mini tab code heights\u003c/li\u003e\n\u003cli\u003e905761a5d127e8d5dd2ebb3bc88c75cb0b8149ff docs: document preprocess input type narrowing\u003c/li\u003e\n\u003cli\u003ebf64bac850d4dee2b7dde7e64909d5d796d32043 chore: tighten test guidance in AGENTS.md\u003c/li\u003e\n\u003cli\u003e8ec4e73f4c4693b6361ad591be40fb41eb8a9f95 chore: update play.ts scratch\u003c/li\u003e\n\u003cli\u003e02c2baf7d0d615872fa4528a8020603b71211702 Make z.preprocess defer optionality to inner schema (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5929\"\u003e#5929\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e88015df8e25c44fb5385eb3ef28935119cd5edea fix(docs): drop deprecated \u003ccode\u003ebaseUrl\u003c/code\u003e from tsconfig\u003c/li\u003e\n\u003cli\u003ec59d4474e3b4cad1b323462186cf607178ce8267 4.4.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.4.1\u003c/h2\u003e\n\u003ch2\u003eCommits:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow\u003c/li\u003e\n\u003cli\u003e95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations\u003c/li\u003e\n\u003cli\u003ecede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5900\"\u003e#5900\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eedd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1\u003c/li\u003e\n\u003cli\u003e180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.4.0\u003c/h2\u003e\n\u003ch2\u003e4.4.0\u003c/h2\u003e\n\u003cp\u003eThis is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.\u003c/p\u003e\n\u003ch2\u003ePotentially breaking bug fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/1fb56a5c18c27102dbc92260a4007c7732a0ccca\"\u003e\u003ccode\u003e1fb56a5\u003c/code\u003e\u003c/a\u003e docs: document release procedure in AGENTS.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/f3c9ec03ba7a28ae72d25cc295f38674bee0f559\"\u003e\u003ccode\u003ef3c9ec0\u003c/code\u003e\u003c/a\u003e 4.4.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/c2be4f819064eed62c7c350a2d399b5faecd15f8\"\u003e\u003ccode\u003ec2be4f8\u003c/code\u003e\u003c/a\u003e fix(v4): generalize optin/fallback to transform; restore preprocess on absent...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/1cab69383fcdeae2a366d5e2a2fc4d8fc765d168\"\u003e\u003ccode\u003e1cab693\u003c/code\u003e\u003c/a\u003e fix(v4): restore catch handling for absent object keys (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5937\"\u003e#5937\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/colinhacks/zod/issues/5939\"\u003e#5939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/b8dffe9e62f17e6571e6249d05cc5102b54d94e4\"\u003e\u003ccode\u003eb8dffe9\u003c/code\u003e\u003c/a\u003e docs: remove Numeric and Speakeasy (2+ missed monthly cycles)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/9195250cab0e7950efe39c3926d6c203b4b0a170\"\u003e\u003ccode\u003e9195250\u003c/code\u003e\u003c/a\u003e docs: remove Mintlify from bronze sponsors (churned)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/2c703322a21b4e2b12f33f49ea8430c451a68b4f\"\u003e\u003ccode\u003e2c70332\u003c/code\u003e\u003c/a\u003e docs: normalize bronze sponsor logos to github avatar pattern\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/7391be88ac1ee5cd02057f5ccc012a1f5df4efd0\"\u003e\u003ccode\u003e7391be8\u003c/code\u003e\u003c/a\u003e docs: prune lapsed silver/bronze sponsors and add active ones\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/2aeec83eb135e3a83756e973ef44845fc5a455d2\"\u003e\u003ccode\u003e2aeec83\u003c/code\u003e\u003c/a\u003e docs: prune lapsed gold sponsors and rebalance logo sizing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/colinhacks/zod/commit/4c2fa95ce3f3390fbc522324e406b4e9e89b88f9\"\u003e\u003ccode\u003e4c2fa95\u003c/code\u003e\u003c/a\u003e docs: use Zernio primary wordmark for gold sponsor logo\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/colinhacks/zod/compare/v4.3.6...v4.4.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for zod since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/minimatch` from 5.1.2 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/minimatch\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/node` from 25.2.3 to 25.9.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jest` from 30.2.0 to 30.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/releases\"\u003ejest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev30.4.2\u003c/h2\u003e\n\u003ch1\u003eFixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.1\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.0\u003c/h2\u003e\n\u003cp\u003eBig release! 😀\u003c/p\u003e\n\u003cp\u003eMain feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work \u003ccode\u003erequire(esm)\u003c/code\u003e module is now supported on Node 24.9+ (still requires \u003ccode\u003e--experimental-vm-modules\u003c/code\u003e like before).\u003c/p\u003e\n\u003cp\u003eIn addition we now support fake timers for the recently released \u003ccode\u003eTemporal\u003c/code\u003e API in Node v26.\u003c/p\u003e\n\u003cp\u003eReact 19 is also supported properly in \u003ccode\u003epretty-format\u003c/code\u003e, meaning snapshots of React components now work like they should.\u003c/p\u003e\n\u003cp\u003eDue to all the changes, there might be regressions that snuck in. Please report them!\u003c/p\u003e\n\u003cp\u003eFull list of changes below\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/blob/main/CHANGELOG.md\"\u003ejest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e30.4.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.1\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[pretty-format]\u003c/code\u003e Support React 19 (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16123\"\u003e#16123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[expect-utils]\u003c/code\u003e Fix \u003ccode\u003etoStrictEqual\u003c/code\u003e failing on \u003ccode\u003estructuredClone\u003c/code\u003e results due to cross-realm constructor mismatch (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15959\"\u003e#15959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/expect-utils]\u003c/code\u003e Prevent \u003ccode\u003etoMatchObject\u003c/code\u003e/subset matching from throwing when encountering exotic iterables (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15952\"\u003e#15952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[fake-timers]\u003c/code\u003e Convert \u003ccode\u003eDate\u003c/code\u003e to milliseconds before passing to \u003ccode\u003e@sinonjs/fake-timers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16029\"\u003e#16029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest]\u003c/code\u003e Export \u003ccode\u003eGlobalConfig\u003c/code\u003e and \u003ccode\u003eProjectConfig\u003c/code\u003e TypeScript types (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus]\u003c/code\u003e Prevent crash when \u003ccode\u003easyncError\u003c/code\u003e is undefined for non-Error throws (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16003\"\u003e#16003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-jasmine2]\u003c/code\u003e Include \u003ccode\u003eError.cause\u003c/code\u003e in JSON \u003ccode\u003efailureMessages\u003c/code\u003e output (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15967\"\u003e#15967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Fix preset path resolution on Windows when the preset uses subpath \u003ccode\u003eexports\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15961\"\u003e#15961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Allow \u003ccode\u003ecollectCoverage\u003c/code\u003e and \u003ccode\u003ecoverageProvider\u003c/code\u003e in project config without a validation warning (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Project config validator now emits \u0026quot;is not supported in an individual project configuration\u0026quot; instead of \u0026quot;probably a typing mistake\u0026quot; for known global-only options (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-environment-node]\u003c/code\u003e Fix \u003ccode\u003e--localstorage-file\u003c/code\u003e warning on Node 25+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16086\"\u003e#16086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-reporters]\u003c/code\u003e Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16137\"\u003e#16137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/746f2a0f57c56e3bba555280f0587d40f3db95c0\"\u003e\u003ccode\u003e746f2a0\u003c/code\u003e\u003c/a\u003e v30.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/b3b4a09ed3005369dacc7466d1d2122797283785\"\u003e\u003ccode\u003eb3b4a09\u003c/code\u003e\u003c/a\u003e v30.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/5cbb21e0b3037edb42e503ec1a1ce80efad40c20\"\u003e\u003ccode\u003e5cbb21e\u003c/code\u003e\u003c/a\u003e v30.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/db7141a93cc85fab81cf9c25368e1f2b2c312286\"\u003e\u003ccode\u003edb7141a\u003c/code\u003e\u003c/a\u003e fix: allow \u003ccode\u003ecollectCoverage\u003c/code\u003e and \u003ccode\u003ecoverageProvider\u003c/code\u003e in project config (\u003ca href=\"https://github.com/jestjs/jest/tree/HEAD/packages/jest/issues/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/efb59c2e81083f8dc941f20d6d20a3af2dc8d068\"\u003e\u003ccode\u003eefb59c2\u003c/code\u003e\u003c/a\u003e v30.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/96c53d30660e51bf76ed2cd1ecc2334c399ac31c\"\u003e\u003ccode\u003e96c53d3\u003c/code\u003e\u003c/a\u003e feat(jest-config): add \u003ccode\u003edefineConfig\u003c/code\u003e and \u003ccode\u003emergeConfig\u003c/code\u003e functions (\u003ca href=\"https://github.com/jestjs/jest/tree/HEAD/packages/jest/issues/15844\"\u003e#15844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jestjs/jest/commits/v30.4.2/packages/jest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `prettier` from 3.8.1 to 3.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prettier/prettier/releases\"\u003eprettier's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSCSS: Prevent trailing comma in \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18471\"\u003eprettier/prettier#18471\u003c/a\u003e by \u003ca href=\"https://github.com/kovsu\"\u003e\u003ccode\u003e@​kovsu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🔗 \u003ca href=\"https://github.com/prettier/prettier/blob/3.8.3/CHANGELOG.md#383\"\u003eChangelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Angular v21.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🔗 \u003ca href=\"https://github.com/prettier/prettier/blob/main/CHANGELOG.md#382\"\u003eChangelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prettier/prettier/blob/main/CHANGELOG.md\"\u003eprettier's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.8.3\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/prettier/prettier/compare/3.8.2...3.8.3\"\u003ediff\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eSCSS: Prevent trailing comma in \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18471\"\u003e#18471\u003c/a\u003e by \u003ca href=\"https://github.com/kovsu\"\u003e\u003ccode\u003e@​kovsu\u003c/code\u003e\u003c/a\u003e)\u003c/h4\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"scss\"\u003e\u003ccode\u003e// Input\n$value: if(sass(false): 1; else: -1);\n\u003cp\u003e// Prettier 3.8.2\n$value: if(\nsass(false): 1; else: -1,\n);\u003c/p\u003e\n\u003cp\u003e// Prettier 3.8.3\n$value: if(sass(false): 1; else: -1);\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch1\u003e3.8.2\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/prettier/prettier/compare/3.8.1...3.8.2\"\u003ediff\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eAngular: Support Angular v21.2 (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18722\"\u003e#18722\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/prettier/prettier/pull/19034\"\u003e#19034\u003c/a\u003e by \u003ca href=\"https://github.com/fisker\"\u003e\u003ccode\u003e@​fisker\u003c/code\u003e\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eExhaustive typechecking with \u003ccode\u003e@default never;\u003c/code\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;!-- Input --\u0026gt;\n@switch (foo) {\n  @case (1) {}\n  @default never;\n}\n\u003cp\u003e\u0026lt;!-- Prettier 3.8.1 --\u0026gt;\nSyntaxError: Incomplete block \u0026quot;default never\u0026quot;. If you meant to write the @ character, you should use the \u0026quot;\u0026amp;\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/64\"\u003e#64\u003c/a\u003e;\u0026quot; HTML entity instead. (3:3)\u003c/p\u003e\n\u003cp\u003e\u0026lt;!-- Prettier 3.8.2 --\u0026gt;\n\u003ca href=\"https://github.com/switch\"\u003e\u003ccode\u003e@​switch\u003c/code\u003e\u003c/a\u003e (foo) {\n\u003ca href=\"https://github.com/case\"\u003e\u003ccode\u003e@​case\u003c/code\u003e\u003c/a\u003e (1) {}\n\u003ca href=\"https://github.com/default\"\u003e\u003ccode\u003e@​default\u003c/code\u003e\u003c/a\u003e never;\n}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003earrow function\u003c/code\u003e and \u003ccode\u003einstanceof\u003c/code\u003e expressions.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/d7108a79ec745c04292aabf22c4c1adbd690b191\"\u003e\u003ccode\u003ed7108a7\u003c/code\u003e\u003c/a\u003e Release 3.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/177f90898170d363ef64fde663e4d13170688bfe\"\u003e\u003ccode\u003e177f908\u003c/code\u003e\u003c/a\u003e Prevent trailing comma in SCSS \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/18471\"\u003e#18471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/1cd40668c3d6f2f4cf9d87bbc9096d92361b2606\"\u003e\u003ccode\u003e1cd4066\u003c/code\u003e\u003c/a\u003e Release \u003ccode\u003e@​prettier/plugin-oxc\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/a8700e245038cd8cc0cf28ef06ffedbcb3fc2dfc\"\u003e\u003ccode\u003ea8700e2\u003c/code\u003e\u003c/a\u003e Update oxc-parser to v0.125.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/752157c78eca6f0a30e5d5cb513b682c5ecfa01e\"\u003e\u003ccode\u003e752157c\u003c/code\u003e\u003c/a\u003e Fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/053fd418e180b12fa2014260212fae831f5fc5ec\"\u003e\u003ccode\u003e053fd41\u003c/code\u003e\u003c/a\u003e Bump Prettier dependency to 3.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/904c6365ec46726fd0e21021c52ae934b7e5abc6\"\u003e\u003ccode\u003e904c636\u003c/code\u003e\u003c/a\u003e Clean changelog_unreleased\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/dc1f7fcc508d116cbf1644d69a1f0eb93e40d4a4\"\u003e\u003ccode\u003edc1f7fc\u003c/code\u003e\u003c/a\u003e Update dependents count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/b31557cf331a02acf83e7e29d1001b070189a0d9\"\u003e\u003ccode\u003eb31557c\u003c/code\u003e\u003c/a\u003e Release 3.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/96bbaeda0525bf758e464aed2f939d739a85c315\"\u003e\u003ccode\u003e96bbaed\u003c/code\u003e\u003c/a\u003e Support Angular v21.2 (\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/18722\"\u003e#18722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prettier/prettier/compare/3.8.1...3.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ts-jest` from 29.4.6 to 29.4.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kulshekhar/ts-jest/releases\"\u003ets-jest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev29.4.11\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev29.4.10\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev29.4.9\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev29.4.8\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev29.4.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md\"\u003ets-jest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.10...v29.4.11\"\u003e29.4.11\u003c/a\u003e (2026-05-21)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve Bundler on the CJS path under TypeScript \u0026gt;= 6 (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/39418187515f11b6584d35a4e3ddf50231f74936\"\u003e3941818\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/4198\"\u003e#4198\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.9...v29.4.10\"\u003e29.4.10\u003c/a\u003e (2026-05-18)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epass \u003ccode\u003eresolutionMode\u003c/code\u003e to \u003ccode\u003ets.resolveModuleName\u003c/code\u003e for hybrid module support (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/b557a85f85c3fd34523ec3a15293afbdc9dea83c\"\u003eb557a85\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erebuild \u003ccode\u003eProgram\u003c/code\u003e when consecutive compiles need different module kinds (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/a82a2b32c4987a5249fd5284283117dd2fa3be47\"\u003ea82a2b3\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/4774\"\u003e#4774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erespect tsconfig \u003ccode\u003emoduleResolution\u003c/code\u003e instead of forcing \u003ccode\u003eNode10\u003c/code\u003e (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/1bffffc667557c173ae0c1f93dd436920775dac4\"\u003e1bffffc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransformer:\u003c/strong\u003e transpile \u003ccode\u003emjs\u003c/code\u003e files from \u003ccode\u003enode_modules\u003c/code\u003e for CJS mode (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/96d025dd912ea2bceb18b67d2d509ada7a756d9d\"\u003e96d025d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransformer:\u003c/strong\u003e use a consistent comparator in hoist-jest sortStatements (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/8a8fd2fb8446655bba18367db9306a1089490e62\"\u003e8a8fd2f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.8...v29.4.9\"\u003e29.4.9\u003c/a\u003e (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003euse correct registry for npm OIDC trusted publishing (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/f8a9cc9892\"\u003ef8a9cc9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.7...v29.4.8\"\u003e29.4.8\u003c/a\u003e (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ewrong published assets\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.6...v29.4.7\"\u003e29.4.7\u003c/a\u003e (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esupport TypeScript v6 (\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/eda517d226389317d99572887d3c1aa93c81be87\"\u003eeda517d\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/bff2d64917caa8150701829b152c4d193614d997\"\u003e\u003ccode\u003ebff2d64\u003c/code\u003e\u003c/a\u003e chore(release): 29.4.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/39418187515f11b6584d35a4e3ddf50231f74936\"\u003e\u003ccode\u003e3941818\u003c/code\u003e\u003c/a\u003e fix: preserve Bundler on the CJS path under TypeScript \u0026gt;= 6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/efb3c2f84d3583db0787982a18425d99edadfe25\"\u003e\u003ccode\u003eefb3c2f\u003c/code\u003e\u003c/a\u003e build(deps): bump webpack-dev-server from 5.2.2 to 5.2.4 in /website\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/4e46fad6c1c4d5be5d6666c64bf65a3af2f1519e\"\u003e\u003ccode\u003e4e46fad\u003c/code\u003e\u003c/a\u003e ci: refactor release workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/96b3ac0cc0586d5379c87308f797a9acf0e4a675\"\u003e\u003ccode\u003e96b3ac0\u003c/code\u003e\u003c/a\u003e chore(release): 29.4.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/e98ec6452548a61285d55c00c7f6b1fd9858d699\"\u003e\u003ccode\u003ee98ec64\u003c/code\u003e\u003c/a\u003e build(deps): update github/codeql-action digest to 458d36d\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/21ac58f60f93164640433250fb4ca8b671aa8587\"\u003e\u003ccode\u003e21ac58f\u003c/code\u003e\u003c/a\u003e build(deps): update jest packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/0fdc96d293c6ce047bf61831b721218623882e78\"\u003e\u003ccode\u003e0fdc96d\u003c/code\u003e\u003c/a\u003e build(deps): update dependency semver to ^7.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/4b95551190235a65eac176625c72e220af066efe\"\u003e\u003ccode\u003e4b95551\u003c/code\u003e\u003c/a\u003e build(deps): update dependency jest-environment-jsdom to ^30.4.1 (\u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/5311\"\u003e#5311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kulshekhar/ts-jest/commit/7b884476f7891e2b9a8637e2f6bb2e09b7efcfbd\"\u003e\u003ccode\u003e7b88447\u003c/code\u003e\u003c/a\u003e build(deps): update eslint packages to ^8.59.3 (\u003ca href=\"https://redirect.github.com/kulshekhar/ts-jest/issues/5310\"\u003e#5310\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kulshekhar/ts-jest/compare/v29.4.6...v29.4.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for ts-jest since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `typescript` from 5.9.3 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/microsoft/TypeScript/releases\"\u003etypescript's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTypeScript 6.0.3\u003c/h2\u003e\n\u003cp\u003eFor release notes, check out the \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-6-0/\"\u003erelease announcement blog post\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.0%22\"\u003efixed issues query for TypeScript 6.0.0 (Beta)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.1%22\"\u003efixed issues query for TypeScript 6.0.1 (RC)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.2%22\"\u003efixed issues query for TypeScript 6.0.2 (Stable)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.3%22\"\u003efixed issues query for TypeScript 6.0.3 (Stable)\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDownloads are available on:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/typescript\"\u003enpm\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTypeScript 6.0\u003c/h2\u003e\n\u003cp\u003eFor release notes, check out the \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-6-0/\"\u003erelease announcement blog post\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.0%22\"\u003efixed issues query for TypeScript 6.0.0 (Beta)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.1%22\"\u003efixed issues query for TypeScript 6.0.1 (RC)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.2%22\"\u003efixed issues query for TypeScript 6.0.2 (Stable)\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDownloads are available on:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/typescript\"\u003enpm\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTypeScript 6.0 Beta\u003c/h2\u003e\n\u003cp\u003eFor release notes, check out the \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-6-0-beta/\"\u003erelease announcement\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.0%22+is%3Aclosed+\"\u003efixed issues query for Typescript 6.0.0 (Beta)\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDownloads are available on:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/typescript\"\u003enpm\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/050880ce59e30b356b686bd3144efe24f875ebc8\"\u003e\u003ccode\u003e050880c\u003c/code\u003e\u003c/a\u003e Bump version to 6.0.3 and LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/eeae9dd0f17aa494658e4ec079dc002e02dd625e\"\u003e\u003ccode\u003eeeae9dd\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63401\"\u003e#63401\u003c/a\u003e (Also check package name validity in...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/ad1c695fada682764bb510dd680e8f175ae54094\"\u003e\u003ccode\u003ead1c695\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63368\"\u003e#63368\u003c/a\u003e (Harden ATA package name filtering) into release-6.0 (\u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63372\"\u003e#63372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/0725fb4664a1d5ec94040b6d94db77dc1cc354e4\"\u003e\u003ccode\u003e0725fb4\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63310\"\u003e#63310\u003c/a\u003e (Mark class property initializers as...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/607a22a90d1a5a1b507ce01bb8cd7ec020f954e7\"\u003e\u003ccode\u003e607a22a\u003c/code\u003e\u003c/a\u003e Bump version to 6.0.2 and LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/9e72ab71b575e26795d0d9eac3d2d9957beed17c\"\u003e\u003ccode\u003e9e72ab7\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63239\"\u003e#63239\u003c/a\u003e (Fix missing lib files in reused pro...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/35ff23d4b0cc715691323ebe54f523c16fe6e3a5\"\u003e\u003ccode\u003e35ff23d\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63163\"\u003e#63163\u003c/a\u003e (Port anyFunctionType subtype fix an...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/e175b69138038953d4e85bf6529afe88d56d8fbe\"\u003e\u003ccode\u003ee175b69\u003c/code\u003e\u003c/a\u003e Bump version to 6.0.1-rc and LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/af4caac0e91e838c46b3fdc1c9afacad68800f89\"\u003e\u003ccode\u003eaf4caac\u003c/code\u003e\u003c/a\u003e Update LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/8efd7e8544d8b35c9b33bca44a3124aa2613bf09\"\u003e\u003ccode\u003e8efd7e8\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into release-6.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/actions-marketplace-validations/contractify_label-and-assign/pull/42","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-marketplace-validations%2Fcontractify_label-and-assign/issues/42","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/42/packages"}},{"old_version":"3.1.2","new_version":"3.1.5","update_type":"patch","path":null,"pr_created_at":"2026-05-31T23:40:51.000Z","version_change":"3.1.2 → 3.1.5","issue":{"uuid":"4559390795","node_id":"PR_kwDOSc4Q1s7hLKi0","number":25,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 12 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T23:40:51.000Z","updated_at":"2026-05-31T23:42:41.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":12,"packages":[{"name":"lodash","old_version":"4.17.23","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"vite","old_version":"6.4.1","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"axios","old_version":"1.13.5","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"dompurify","old_version":"3.3.1","new_version":"3.4.7","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.57.1","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"},{"name":"socket.io-parser","old_version":"4.2.5","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"ws","old_version":"8.18.3","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.4.1` | `6.4.2` |\n| [axios](https://github.com/axios/axios) | `1.13.5` | `1.16.1` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.4.7` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.57.1` | `4.60.4` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.5` | `4.2.6` |\n| [ws](https://github.com/websockets/ws) | `8.18.3` | `8.20.1` |\n\nUpdates `lodash` from 4.17.23 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 6.4.1 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.13.5 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.13.5...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.1 to 3.4.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHardened the handling of Shadow Roots when using \u003ccode\u003eIN_PLACE\u003c/code\u003e, thanks \u003ca href=\"https://github.com/GameZoneHacker\"\u003e\u003ccode\u003e@​GameZoneHacker\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved a problem leading to permanent hook pollution, thanks \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactored the test suite and expanded test coverage significantly\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed several issues with DOM Clobbering in \u003ccode\u003eIN_PLACE\u003c/code\u003e mode, thanks \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/Bankde\"\u003e\u003ccode\u003e@​Bankde\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHardened the checks for cross-realm \u003ccode\u003eIN_PLACE\u003c/code\u003e and Shadow DOM sanitization, thanks \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/Bankde\"\u003e\u003ccode\u003e@​Bankde\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded more test coverage for \u003ccode\u003eIN_PLACE\u003c/code\u003e and general DOM Clobbering attacks\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a bypass caused by the new HTML element \u003ccode\u003eselectedcontent\u003c/code\u003e added in 3.4.4, thanks \u003ca href=\"https://github.com/KabirAcharya\"\u003e\u003ccode\u003e@​KabirAcharya\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eNote that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.\u003c/strong\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.4.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003eselectedcontent\u003c/code\u003e element to default allow-list, thanks \u003ca href=\"https://github.com/lukewarlow\"\u003e\u003ccode\u003e@​lukewarlow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecommand\u003c/code\u003e and \u003ccode\u003ecommandfor\u003c/code\u003e attributes to default allowed-list, thanks \u003ca href=\"https://github.com/lukewarlow\"\u003e\u003ccode\u003e@​lukewarlow\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded better template scrubbing for \u003ccode\u003eIN_PLACE\u003c/code\u003e operations, thanks \u003ca href=\"https://github.com/DEMON1A\"\u003e\u003ccode\u003e@​DEMON1A\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded stronger checks for cross-realm windows, thanks \u003ca href=\"https://github.com/DEMON1A\"\u003e\u003ccode\u003e@​DEMON1A\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/fg0x0\"\u003e\u003ccode\u003e@​fg0x0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated demo website and made sure it uses the latest from main\u003c/li\u003e\n\u003cli\u003eUpdated existing workflows, fuzzer, dependabot, etc., added more tests\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🚨 \u003cstrong\u003eThis release had been flagged as deprecated, please use DOMPurify 3.4.5 instead\u003c/strong\u003e 🚨\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.4.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue with handling of nested Shadow DOM trees, thanks \u003ca href=\"https://github.com/fishjojo1\"\u003e\u003ccode\u003e@​fishjojo1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the template regexes to be more robust against ReDoS attacks, thanks \u003ca href=\"https://github.com/aleung27\"\u003e\u003ccode\u003e@​aleung27\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated the node iteration code to catch more Shadow DOM related issues\u003c/li\u003e\n\u003cli\u003eUpdated Playwright and added Node 26 to test matrix\u003c/li\u003e\n\u003cli\u003eUpdated existing workflows, fuzzer, release signing, etc., added more tests\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue with URI validation on attributes allowed via \u003ccode\u003eADD_ATTR\u003c/code\u003e callback, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with source maps referring to non-existing files, thanks \u003ca href=\"https://github.com/cmdcolin\"\u003e\u003ccode\u003e@​cmdcolin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated existing workflows, fuzzer, release signing, etc., added more tests\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue with on-handler stripping for HTML-spec-reserved custom element names (\u003ccode\u003efont-face\u003c/code\u003e, \u003ccode\u003ecolor-profile\u003c/code\u003e, \u003ccode\u003emissing-glyph\u003c/code\u003e, \u003ccode\u003efont-face-src\u003c/code\u003e, \u003ccode\u003efont-face-uri\u003c/code\u003e, \u003ccode\u003efont-face-format\u003c/code\u003e, \u003ccode\u003efont-face-name\u003c/code\u003e) under permissive \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed a case-sensitivity gap in the \u003ccode\u003eannotation-xml\u003c/code\u003e check that allowed mixed-case variants to bypass the basic-custom-element exclusion in XHTML mode\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eSANITIZE_NAMED_PROPS\u003c/code\u003e repeatedly prefixing already-prefixed \u003ccode\u003eid\u003c/code\u003e and \u003ccode\u003ename\u003c/code\u003e values on subsequent sanitization\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eIN_PLACE\u003c/code\u003e root-node check to explicitly guard against non-string \u003ccode\u003enodeName\u003c/code\u003e (DOM-clobbering robustness)\u003c/li\u003e\n\u003cli\u003eRemoved a duplicate \u003ccode\u003eslot\u003c/code\u003e entry from the default HTML attribute allow-list\u003c/li\u003e\n\u003cli\u003eStrengthened the fast-check fuzz harness with explicit XSS invariants, an expanded seed-payload corpus, an additional idempotence property for \u003ccode\u003eSANITIZE_NAMED_PROPS\u003c/code\u003e, and a negative-control assertion ensuring the invariants actually fire\u003c/li\u003e\n\u003cli\u003eAdded regression and pinning tests covering the above fixes and two accepted-behavior contracts (\u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e greedy scrub, hook-added attribute handling)\u003c/li\u003e\n\u003cli\u003eExtended CodeQL analysis to run on \u003ccode\u003e3.x\u003c/code\u003e and \u003ccode\u003e2.x\u003c/code\u003e maintenance branches\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/ca30f070c360df162a3e3848e80e6fd3c9e74bff\"\u003e\u003ccode\u003eca30f07\u003c/code\u003e\u003c/a\u003e release: 3.4.7 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1414\"\u003e#1414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/bb7739e5bccec7e1ab3dae3f3e42d02db3acaaae\"\u003e\u003ccode\u003ebb7739e\u003c/code\u003e\u003c/a\u003e release: 3.4.6 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1394\"\u003e#1394\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/011b0c78f2a0f57ee54f5fcccb697a46ca6e63ea\"\u003e\u003ccode\u003e011b0c7\u003c/code\u003e\u003c/a\u003e release: 3.4.5 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1382\"\u003e#1382\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5817ad969c15e67dfcd6cb37248d6e9c1553e7c3\"\u003e\u003ccode\u003e5817ad9\u003c/code\u003e\u003c/a\u003e release: 3.4.4 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1374\"\u003e#1374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/520edb0371a9638f9b51f1798051299a250c686b\"\u003e\u003ccode\u003e520edb0\u003c/code\u003e\u003c/a\u003e release: 3.4.3 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1352\"\u003e#1352\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6f67fd396a7b8c64294343999fe607ca1f5299c0\"\u003e\u003ccode\u003e6f67fd3\u003c/code\u003e\u003c/a\u003e Sync/3.4.2 (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1322\"\u003e#1322\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b0cdbbf52331e854c0a2de875b1a3790ecec2b8\"\u003e\u003ccode\u003e5b0cdbb\u003c/code\u003e\u003c/a\u003e chore: merge main into 3.x for 3.4.1 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1301\"\u003e#1301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/09f59115a311469de5b625225760593e551f080a\"\u003e\u003ccode\u003e09f5911\u003c/code\u003e\u003c/a\u003e test: added three more browsers to test setup (OSX, mobile)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.1...3.4.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.57.1 to 4.60.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.60.4\u003c/h2\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.2\u003c/h2\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6346\"\u003e#6346\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6347\"\u003e#6347\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6348\"\u003e#6348\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6349\"\u003e#6349\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6350\"\u003e#6350\u003c/a\u003e: fix: reset variable render names between outputs in the same generate (\u003ca href=\"https://github.com/barry3406\"\u003e\u003ccode\u003e@​barry3406\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6351\"\u003e#6351\u003c/a\u003e: chore(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6352\"\u003e#6352\u003c/a\u003e: chore(deps): update cross-platform-actions/action action to v1 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6353\"\u003e#6353\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6354\"\u003e#6354\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6355\"\u003e#6355\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6356\"\u003e#6356\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6358\"\u003e#6358\u003c/a\u003e: chore: remove cross-env from devDeps (\u003ca href=\"https://github.com/K-tecchan\"\u003e\u003ccode\u003e@​K-tecchan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.1\u003c/h2\u003e\n\u003ch2\u003e4.60.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/master/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://re...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate npm dependencies to pick up security and stability fixes across the stack. Key bumps include `lodash@4.18.1`, `postcss@8.5.15`, `vite@6.4.2`, `axios@1.16.1`, `dompurify@3.4.7`, and `rollup@4.60.4`.\n\n- **Dependencies**\n  - Security: `lodash` (prototype pollution fix), `postcss` (XSS and file read hardening), `picomatch` (CVE fixes), `dompurify` (Shadow DOM/IN_PLACE hardening).\n  - Build tools: `vite@6.4.2` (path traversal protections), `rollup@4.60.4` (stable chunk hashes).\n  - Networking: `axios@1.16.1` (proxy leak fix; adds `https-proxy-agent`, `proxy-from-env@2`), `follow-redirects@1.16.0`, `ws@8.20.1`.\n  - Other: `minimatch@3.1.5`, `flatted@3.4.2`, `socket.io-parser@4.2.6`.\n\n- **Migration**\n  - If you passed a `URL` object to `axios` as `config.url`, switch to a string.\n  - Run a clean install to update lockfile and new install scripts.\n\n\u003csup\u003eWritten for commit 20892050342f34ca53a5397f59f42de4742e8d07. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/davins56/Anima-Protocol/pull/25?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump npm dependencies including lodash, postcss, and vite\n\u003e Updates 12 npm dependencies in [package.json](https://github.com/davins56/Anima-Protocol/pull/25/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519), with notable version bumps: `lodash` ^4.17.21 → ^4.18.1, `postcss` ^8.5.3 → ^8.5.15, and `vite` ^6.1.0 → ^6.4.2. The [package-lock.json](https://github.com/davins56/Anima-Protocol/pull/25/files#diff-053150b640a7ce75eff69d1a22cae7f0f94ad64ce9a855db544dda0929316519) is regenerated to reflect the new versions.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 2089205.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e\n\n\u003c!-- greptile_comment --\u003e\n\n\u003ch3\u003eGreptile Summary\u003c/h3\u003e\n\nThis is an automated dependency update from dependabot bumping 12 packages in `package.json` and `package-lock.json`. The majority of updates address security vulnerabilities across the dependency tree.\n\n- **Security-driven updates**: `lodash` (prototype pollution + code injection via `_.template` imports keys), `postcss` (arbitrary file read + XSS), `vite` (path traversal + `server.fs` bypass), `axios` (prototype pollution + HTTPS cleartext proxy leak), `dompurify` (Shadow DOM/DOM Clobbering bypasses), `flatted` (CWE-1321 prototype pollution), `picomatch` (CVE-2026-33671 \u0026 CVE-2026-33672), and `minimatch` (ReDoS).\n- **Bug-fix / maintenance updates**: `rollup` (chunk hash stability, variable rendering), `socket.io-parser`, `ws`, and `follow-redirects` (transitive, adds `sensitiveHeaders` option).\n- All changes are confined to the lockfile and top-level version specifiers; no application source code is modified.\n\n\u003ch3\u003eConfidence Score: 5/5\u003c/h3\u003e\n\nSafe to merge — all changes are lockfile and version-specifier updates resolving known security advisories with no application source modifications.\n\nEvery changed line is in `package.json` or `package-lock.json`. The bumped packages carry meaningful security fixes (prototype pollution, path traversal, XSS bypasses, cleartext proxy leak) that make upgrading the right call. No application logic is touched, and all new versions are patch or minor increments within the existing semver ranges already declared in the project.\n\nNo files require special attention — both changed files are dependency manifests with straightforward version bumps.\n\n\u003ch3\u003eImportant Files Changed\u003c/h3\u003e\n\n| Filename | Overview |\n|----------|----------|\n| package.json | Top-level version specifiers updated for lodash (^4.18.1), postcss (^8.5.15), and vite (^6.4.2); all bumps resolve known security advisories. |\n| package-lock.json | Lockfile regenerated to pin all 12 updated packages (and their platform-specific native binaries for rollup) at the new versions; integrity hashes look consistent with expected patterns. |\n\n\u003c/details\u003e\n\n\u003ch3\u003eFlowchart\u003c/h3\u003e\n\n```mermaid\n%%{init: {'theme': 'neutral'}}%%\nflowchart TD\n    A[dependabot PR #25] --\u003e B[package.json\\nversion specifiers updated]\n    A --\u003e C[package-lock.json\\nlockfile regenerated]\n\n    B --\u003e D[lodash ^4.18.1\\nPrototype pollution + _.template injection fixed]\n    B --\u003e E[postcss ^8.5.15\\nArbitrary file read + XSS fixed]\n    B --\u003e F[vite ^6.4.2\\nPath traversal + server.fs bypass fixed]\n\n    C --\u003e G[axios 1.16.1\\nHTTPS cleartext proxy leak fixed]\n    C --\u003e H[dompurify 3.4.7\\nShadow DOM / DOM Clobbering bypasses fixed]\n    C --\u003e I[flatted 3.4.2\\nCWE-1321 prototype pollution fixed]\n    C --\u003e J[picomatch 2.3.2 / 4.0.4\\nCVE-2026-33671, CVE-2026-33672 fixed]\n    C --\u003e K[minimatch 3.1.5\\nReDoS fixed]\n    C --\u003e L[rollup 4.60.4\\nChunk hash stability bug fixed]\n    C --\u003e M[socket.io-parser 4.2.6\\nMaintenance]\n    C --\u003e N[ws 8.20.1\\nMaintenance]\n    C --\u003e O[follow-redirects 1.16.0\\nsensitiveHeaders option added]\n```\n\n\u003csub\u003eReviews (1): Last reviewed commit: [\"chore(deps): bump the npm\\_and\\_yarn group...\"](https://github.com/davins56/anima-protocol/commit/20892050342f34ca53a5397f59f42de4742e8d07) | [Re-trigger Greptile](https://app.greptile.com/api/retrigger?id=34829241)\u003c/sub\u003e\n\n\u003c!-- /greptile_comment --\u003e","html_url":"https://github.com/davins56/Anima-Protocol/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/davins56%2FAnima-Protocol/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"}},{"old_version":"9.0.5","new_version":"9.0.9","update_type":"patch","path":null,"pr_created_at":"2026-05-31T19:40:40.000Z","version_change":"9.0.5 → 9.0.9","issue":{"uuid":"4558761894","node_id":"PR_kwDOBXNst87hJQ14","number":43,"state":"closed","title":"build(deps): bump minimatch from 9.0.5 to 9.0.9","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-31T19:45:44.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-31T19:40:40.000Z","updated_at":"2026-05-31T19:46:53.000Z","time_to_close":304,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"}],"path":null,"ecosystem":"npm"},"body":"Bumps [minimatch](https://github.com/isaacs/minimatch) from 9.0.5 to 9.0.9.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/8a10e473e2e0ff03c2d4de308f257093af2bce21\"\u003e\u003ccode\u003e8a10e47\u003c/code\u003e\u003c/a\u003e 9.0.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/c6f180636cebd4de2f9af7ef29ca4c9bf2eeef02\"\u003e\u003ccode\u003ec6f1806\u003c/code\u003e\u003c/a\u003e brace-expansion@2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/446cfa3e2aa3ef45bd4a27fa4418221e158489f6\"\u003e\u003ccode\u003e446cfa3\u003c/code\u003e\u003c/a\u003e 9.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/8fa151ab95fd4e2acd6e1a81f10d02dc7c1098d3\"\u003e\u003ccode\u003e8fa151a\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/71b78a2a4cad3a40af08a39c065e71bbf69ea7f7\"\u003e\u003ccode\u003e71b78a2\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2de496f6d9362dd92460f35ffa6ff8de2907244b\"\u003e\u003ccode\u003e2de496f\u003c/code\u003e\u003c/a\u003e 9.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0d4616de9193bf1d359271662e92657bb51b2f75\"\u003e\u003ccode\u003e0d4616d\u003c/code\u003e\u003c/a\u003e limit nested extglob recursion, flatten extglobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7117ef381e74deace1c62a74d2298c8fe61d10ca\"\u003e\u003ccode\u003e7117ef3\u003c/code\u003e\u003c/a\u003e 9.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2418458b7fe82e0a1fd1a1b6f618c41c90b9848a\"\u003e\u003ccode\u003e2418458\u003c/code\u003e\u003c/a\u003e update deps, do not checkin dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1d1f531009d5e4a86083de37e5ef3f301e073986\"\u003e\u003ccode\u003e1d1f531\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v9.0.5...v9.0.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=minimatch\u0026package-manager=npm_and_yarn\u0026previous-version=9.0.5\u0026new-version=9.0.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/wodeni/wodeni.github.io/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/wodeni/wodeni.github.io/pull/43","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/wodeni%2Fwodeni.github.io/issues/43","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/43/packages"}},{"old_version":"3.1.2","new_version":"3.1.5","update_type":"patch","path":null,"pr_created_at":"2026-05-31T07:10:33.000Z","version_change":"3.1.2 → 3.1.5","issue":{"uuid":"4556856867","node_id":"PR_kwDOQcL7xc7hDmcL","number":84,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T07:10:33.000Z","updated_at":"2026-05-31T07:10:52.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":9,"packages":[{"name":"express-rate-limit","old_version":"8.2.1","new_version":"8.2.2","repository_url":"https://github.com/express-rate-limit/express-rate-limit"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"qs","old_version":"6.14.0","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.2.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.2` |\n\n\nUpdates `express-rate-limit` from 8.2.1 to 8.2.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/a009ad6488448515b219eb9f4203c725eb328c8e\"\u003e\u003ccode\u003ea009ad6\u003c/code\u003e\u003c/a\u003e 8.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/72cd30e449615e50833ad92f88d8ae59faf9f467\"\u003e\u003ccode\u003e72cd30e\u003c/code\u003e\u003c/a\u003e chore: update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/1ddb1cc8ba6a7774fae49fff0c45e2c2a9305d95\"\u003e\u003ccode\u003e1ddb1cc\u003c/code\u003e\u003c/a\u003e fix: handle ipv4 mapped to ipv6 (ghsa-46wh-pxpv-q5gq)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/compare/v8.2.1...v8.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~gamemaker1\"\u003egamemaker1\u003c/a\u003e, a new releaser for express-rate-limit since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eAttestation changes\u003c/summary\u003e\n\u003cp\u003eThis version has no provenance attestation, while the previous version (8.2.1) was attested. Review the \u003ca href=\"https://www.npmjs.com/package/express-rate-limit?activeTab=versions\"\u003epackage versions\u003c/a\u003e before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.0.1 to 10.1.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/7c49446ebe28718676dfe04495347ecafb0c494a\"\u003e\u003ccode\u003e7c49446\u003c/code\u003e\u003c/a\u003e 10.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/0f8291dc716d636519319f585d950d2f6d9ff20a\"\u003e\u003ccode\u003e0f8291d\u003c/code\u003e\u003c/a\u003e feat: Add Address4.fromByteArray() for API consistency with Address6 (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/180\"\u003e#180\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a57d8b76f2b1b46ac8543066ee11480cc7a3568b\"\u003e\u003ccode\u003ea57d8b7\u003c/code\u003e\u003c/a\u003e trigger CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/6bb5c5891ef07eb38d5e1c65afa6fd4ce49da13d\"\u003e\u003ccode\u003e6bb5c58\u003c/code\u003e\u003c/a\u003e update circl CI config to trigger a build\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/compare/v10.0.1...v10.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.3.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pathharper/organic-typing/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/pathharper/organic-typing/pull/84","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pathharper%2Forganic-typing/issues/84","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/84/packages"}},{"old_version":"3.1.2","new_version":"3.1.5","update_type":"patch","path":null,"pr_created_at":"2026-05-31T07:09:04.000Z","version_change":"3.1.2 → 3.1.5","issue":{"uuid":"4556853995","node_id":"PR_kwDOPBWa087hDl6E","number":113,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 19 updates","user":"dependabot[bot]","labels":["dependencies","javascript","security"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T07:09:04.000Z","updated_at":"2026-05-31T07:18:31.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":19,"packages":[{"name":"express-rate-limit","old_version":"8.2.1","new_version":"8.2.2","repository_url":"https://github.com/express-rate-limit/express-rate-limit"},{"name":"happy-dom","old_version":"20.0.10","new_version":"20.9.0","repository_url":"https://github.com/capricorn86/happy-dom"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"storybook","old_version":"10.0.7","new_version":"10.4.1","repository_url":"https://github.com/storybookjs/storybook"},{"name":"vite","old_version":"7.2.2","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.28.5","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@remix-run/router","old_version":"1.23.1","new_version":"1.23.3","repository_url":"https://github.com/remix-run/react-router"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"jws","old_version":"3.2.2","new_version":"3.2.3","repository_url":"https://github.com/brianloveswords/node-jws"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"rollup","old_version":"4.53.2","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"serialize-javascript","old_version":"6.0.2","new_version":"7.0.5","repository_url":"https://github.com/yahoo/serialize-javascript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.2.2` |\n| [happy-dom](https://github.com/capricorn86/happy-dom) | `20.0.10` | `20.9.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `10.0.7` | `10.4.1` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.2.2` | `7.3.3` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.28.5` | `7.29.7` |\n| [@remix-run/router](https://github.com/remix-run/react-router/tree/HEAD/packages/router) | `1.23.1` | `1.23.3` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [rollup](https://github.com/rollup/rollup) | `4.53.2` | `4.60.4` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `7.0.5` |\n\n\nUpdates `express-rate-limit` from 8.2.1 to 8.2.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/a009ad6488448515b219eb9f4203c725eb328c8e\"\u003e\u003ccode\u003ea009ad6\u003c/code\u003e\u003c/a\u003e 8.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/72cd30e449615e50833ad92f88d8ae59faf9f467\"\u003e\u003ccode\u003e72cd30e\u003c/code\u003e\u003c/a\u003e chore: update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/1ddb1cc8ba6a7774fae49fff0c45e2c2a9305d95\"\u003e\u003ccode\u003e1ddb1cc\u003c/code\u003e\u003c/a\u003e fix: handle ipv4 mapped to ipv6 (ghsa-46wh-pxpv-q5gq)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/compare/v8.2.1...v8.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~gamemaker1\"\u003egamemaker1\u003c/a\u003e, a new releaser for express-rate-limit since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eAttestation changes\u003c/summary\u003e\n\u003cp\u003eThis version has no provenance attestation, while the previous version (8.2.1) was attested. Review the \u003ca href=\"https://www.npmjs.com/package/express-rate-limit?activeTab=versions\"\u003epackage versions\u003c/a\u003e before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `happy-dom` from 20.0.10 to 20.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/capricorn86/happy-dom/releases\"\u003ehappy-dom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev20.9.0\u003c/h2\u003e\n\u003ch3\u003e:art: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdds support for event listener properties on Window (e.g. \u003ccode\u003eWindow.onkeydown\u003c/code\u003e) - By \u003cstrong\u003e\u003ca href=\"https://github.com/capricorn86\"\u003e\u003ccode\u003e@​capricorn86\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2131\"\u003e#2131\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.9\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes issue where cookies from the current origin was being forwarded to the target origin in fetch requests - By \u003cstrong\u003e\u003ca href=\"https://github.com/capricorn86\"\u003e\u003ccode\u003e@​capricorn86\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2117\"\u003e#2117\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eA security advisory (\u003ca href=\"https://github.com/capricorn86/happy-dom/security/advisories/GHSA-w4gp-fjgq-3q4g\"\u003eGHSA-w4gp-fjgq-3q4g\u003c/a\u003e) was reported for this security vulnerability. Big thanks to \u003ca href=\"https://github.com/r74tech\"\u003e\u003ccode\u003e@​r74tech\u003c/code\u003e\u003c/a\u003e for reporting this!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.8\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes issue where export names can be interpolated as executable code in ESM - By \u003cstrong\u003e\u003ca href=\"https://github.com/capricorn86\"\u003e\u003ccode\u003e@​capricorn86\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2113\"\u003e#2113\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eA security advisory (\u003ca href=\"https://github.com/capricorn86/happy-dom/security/advisories/GHSA-6q6h-j7hj-3r64\"\u003eGHSA-6q6h-j7hj-3r64\u003c/a\u003e) has been reported that shows a security vulnerability where it may be possible to escape the VM context and get access to process level functionality in unsafe environments using CommonJS. Big thanks to \u003ca href=\"https://github.com/tndud042713\"\u003e\u003ccode\u003e@​tndud042713\u003c/code\u003e\u003c/a\u003e for reporting this!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.7\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace implementing Node.js \u003ccode\u003eConsole\u003c/code\u003e with common \u003ccode\u003eIConsole\u003c/code\u003e interface to support latest version of Bun - By \u003cstrong\u003e\u003ca href=\"https://github.com/YevheniiKotyrlo\"\u003e\u003ccode\u003e@​YevheniiKotyrlo\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/1845\"\u003e#1845\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.6\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eRequest.formData()\u003c/code\u003e should honor \u0026quot;Content-Type\u0026quot; header - By \u003cstrong\u003e\u003ca href=\"https://github.com/brianhelba\"\u003e\u003ccode\u003e@​brianhelba\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2106\"\u003e#2106\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.5\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes error thrown when modifying DOM structure in \u003ccode\u003econnectedCallback()\u003c/code\u003e - By \u003cstrong\u003e\u003ca href=\"https://github.com/capricorn86\"\u003e\u003ccode\u003e@​capricorn86\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2110\"\u003e#2110\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.4\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eReplace ConsoleConstructor import with indexed access type - By \u003cstrong\u003e\u003ca href=\"https://github.com/YevheniiKotyrlo\"\u003e\u003ccode\u003e@​YevheniiKotyrlo\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/1845\"\u003e#1845\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.3\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow error if event is not of type \u003ccode\u003eEvent\u003c/code\u003e in \u003ccode\u003eEventTarget.dispatchEvent()\u003c/code\u003e - By \u003cstrong\u003e\u003ca href=\"https://github.com/capricorn86\"\u003e\u003ccode\u003e@​capricorn86\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2054\"\u003e#2054\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.2\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResets \u003ccode\u003eEvent.cancelBubble\u003c/code\u003e and \u003ccode\u003eEvent.defaultPrevented\u003c/code\u003e when calling \u003ccode\u003eEvent.initEvent()\u003c/code\u003e - By \u003cstrong\u003e\u003ca href=\"https://github.com/capricorn86\"\u003e\u003ccode\u003e@​capricorn86\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2090\"\u003e#2090\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.1\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u0026quot;inert\u0026quot; attribute block focus interactions - By \u003cstrong\u003e\u003ca href=\"https://github.com/coffeeandwork\"\u003e\u003ccode\u003e@​coffeeandwork\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/1422\"\u003e#1422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.8.0\u003c/h2\u003e\n\u003ch3\u003e:art: Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdds support for setPointerCapture, hasPointerCapture, and releasePointerCapture to Element - By \u003cstrong\u003e\u003ca href=\"https://github.com/coffeeandwork\"\u003e\u003ccode\u003e@​coffeeandwork\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e in task \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/1733\"\u003e#1733\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev20.7.2\u003c/h2\u003e\n\u003ch3\u003e:construction_worker_man: Patch fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eProperly decode CSS escape sequences in attribute selector values - By \u003cstrong\u003e\u003ca href=\"https://github.com/silverwind\"\u003e\u003ccode\u003e@​silverwind\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/4090adefaf116143ebabf3226581c1261c09e877\"\u003e\u003ccode\u003e4090ade\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/0\"\u003e#0\u003c/a\u003e Fix github release workflow (\u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2140\"\u003e#2140\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/c7c2bb506377f2b38218486b166b89a9b0e5b174\"\u003e\u003ccode\u003ec7c2bb5\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/0\"\u003e#0\u003c/a\u003e Fix github release workflow (\u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2139\"\u003e#2139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/d541143d69e6593422e32c7c3853213ee04af545\"\u003e\u003ccode\u003ed541143\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/0\"\u003e#0\u003c/a\u003e Fix github release workflow (\u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2138\"\u003e#2138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/a78d89e7e1cf77c42cb04833b9d9fba30a3e868a\"\u003e\u003ccode\u003ea78d89e\u003c/code\u003e\u003c/a\u003e feat: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2131\"\u003e#2131\u003c/a\u003e Adds support for event listener properties on Window (\u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2132\"\u003e#2132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/68324c21d7b98f53f7bb5a7b3e185bda7106e751\"\u003e\u003ccode\u003e68324c2\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2117\"\u003e#2117\u003c/a\u003e Fixes issue related to cookies from the current origin being for...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/5437fdf8f13adb9590f9f52616d9f69c3ee8db3c\"\u003e\u003ccode\u003e5437fdf\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2113\"\u003e#2113\u003c/a\u003e Fixes issue where export names can be interpolated as executable...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/7e97acbc0de9e9e8515b828bb1bb60f6c65eae44\"\u003e\u003ccode\u003e7e97acb\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/1845\"\u003e#1845\u003c/a\u003e Replace implementing Node js Console with common IConsole interf...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/3373929819a55988218a32c06816c5754828f59d\"\u003e\u003ccode\u003e3373929\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2106\"\u003e#2106\u003c/a\u003e \u003ccode\u003eRequest.formData()\u003c/code\u003e should honor \u003ccode\u003eContent-Type\u003c/code\u003e header (\u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2107\"\u003e#2107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/55c17ba6d2883ce54010b041be165db8f6c5c974\"\u003e\u003ccode\u003e55c17ba\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2110\"\u003e#2110\u003c/a\u003e Fixes error thrown when modifying DOM structure in connectedCall...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/capricorn86/happy-dom/commit/82a0888cb2c87a6123e05424b528f8e8c9b3e426\"\u003e\u003ccode\u003e82a0888\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/1845\"\u003e#1845\u003c/a\u003e Replace ConsoleConstructor import with indexed access type (\u003ca href=\"https://redirect.github.com/capricorn86/happy-dom/issues/2095\"\u003e#2095\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/capricorn86/happy-dom/compare/v20.0.10...v20.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for happy-dom since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `storybook` from 10.0.7 to 10.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/releases\"\u003estorybook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.4.1\u003c/h2\u003e\n\u003ch2\u003e10.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAngular: Detect model() signal outputs (type inference + compodoc autodocs + runtime binding) - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34833\"\u003e#34833\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eBuild: Upgrade type-fest to latest version 5.6.0 - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34791\"\u003e#34791\u003c/a\u003e, thanks \u003ca href=\"https://github.com/tobiasdiez\"\u003e\u003ccode\u003e@​tobiasdiez\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Run `npx expo install --fix` after init for Expo projects - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34803\"\u003e#34803\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Support `peerDependencies` in framework detection for component libraries - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34516\"\u003e#34516\u003c/a\u003e, thanks \u003ca href=\"https://github.com/zhyd1997\"\u003e\u003ccode\u003e@​zhyd1997\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eNext.js: Add useLinkStatus mock to next/link export mock - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34593\"\u003e#34593\u003c/a\u003e, thanks \u003ca href=\"https://github.com/philwolstenholme\"\u003e\u003ccode\u003e@​philwolstenholme\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eVue3: Specify a specific version for non-dev dependency - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34794\"\u003e#34794\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ScopeyNZ\"\u003e\u003ccode\u003e@​ScopeyNZ\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev10.4.0\u003c/h2\u003e\n\u003ch2\u003e10.4.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003cem\u003eAI-assisted setup, change-aware review, and stronger framework support\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eStorybook 10.4 contains hundreds of fixes and improvements including:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e🤖 Agentic Setup: New CLI workflow for AI-assisted Storybook setup and onboarding\u003c/li\u003e\n\u003cli\u003e🔍 Change review: Sidebar filtering to highlight new, modified, and related stories based on git changes\u003c/li\u003e\n\u003cli\u003e🧭 Sidebar review tools: Status filtering, URL-persisted filters, and clearer review signals in the sidebar\u003c/li\u003e\n\u003cli\u003e⚛️ TanStack React: New `@storybook/tanstack-react` framework with routing and server function support\u003c/li\u003e\n\u003cli\u003e🧩 React MCP: Faster, more accurate component docgen powered by the TypeScript Language Server\u003c/li\u003e\n\u003cli\u003e📱 React Native: Zero config RN project initialization\u003c/li\u003e\n\u003cli\u003e🤝 Sharing: Easily publish and share your local Storybook with teammates, powered by Chromatic\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eA11y: Add aria-live announcements via \u003ccode\u003e@​react-aria/live-announcer\u003c/code\u003e - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/33970\"\u003e#33970\u003c/a\u003e, thanks \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eA11y: Improve boolean control contrast in forced colors mode - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34204\"\u003e#34204\u003c/a\u003e, thanks \u003ca href=\"https://github.com/anchmelev\"\u003e\u003ccode\u003e@​anchmelev\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eActions: Fix state mutation and keep newest actions when limit reached - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34286\"\u003e#34286\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Docs: Add Reset story button to re-render stories in docs - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34086\"\u003e#34086\u003c/a\u003e, thanks \u003ca href=\"https://github.com/6810779s\"\u003e\u003ccode\u003e@​6810779s\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Docs: Avoid rerendering static Source blocks - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34206\"\u003e#34206\u003c/a\u003e, thanks \u003ca href=\"https://github.com/anchmelev\"\u003e\u003ccode\u003e@​anchmelev\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Vitest: Use Vitest's provide-API for injecting values - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34518\"\u003e#34518\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JReinhold\"\u003e\u003ccode\u003e@​JReinhold\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Add --extensive for an extra prompt - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34730\"\u003e#34730\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Allow failed stories to persist - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34717\"\u003e#34717\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Keep sample content if users want onboarding - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34704\"\u003e#34704\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Rework ai-init-opt-in logic - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34739\"\u003e#34739\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAngular: Use Story ID for renderer IDs (including standalone stories) - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/33982\"\u003e#33982\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ValentinFunk\"\u003e\u003ccode\u003e@​ValentinFunk\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAutomigration: Move RN on-device addons to `deviceAddons` - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34659\"\u003e#34659\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eBuilder-Vite: Add onModuleGraphChange method - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34323\"\u003e#34323\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ghengeveld\"\u003e\u003ccode\u003e@​ghengeveld\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Add automigrate check for 'storybook' package name conflict - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34290\"\u003e#34290\u003c/a\u003e, thanks \u003ca href=\"https://github.com/whdjh\"\u003e\u003ccode\u003e@​whdjh\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Add react-vite to tanstack-react automigration - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34718\"\u003e#34718\u003c/a\u003e, thanks \u003ca href=\"https://github.com/huang-julien\"\u003e\u003ccode\u003e@​huang-julien\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Change mock event detection - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34586\"\u003e#34586\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Explicitly tell whether smoke tests passed or failed - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34419\"\u003e#34419\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Fix Next.js Vite automigration corrupting configs already using `@storybook/nextjs-vite` - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34249\"\u003e#34249\u003c/a\u003e, thanks \u003ca href=\"https://github.com/nathanjessen\"\u003e\u003ccode\u003e@​nathanjessen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Fix agentic check - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34678\"\u003e#34678\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Handle minimumReleaseAge conflicts across package managers - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34769\"\u003e#34769\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JReinhold\"\u003e\u003ccode\u003e@​JReinhold\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Improve package incompatibility detection and warning - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34559\"\u003e#34559\u003c/a\u003e, thanks \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Improve self-healing scoring observability - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34699\"\u003e#34699\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md\"\u003estorybook's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAngular: Detect model() signal outputs (type inference + compodoc autodocs + runtime binding) - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34833\"\u003e#34833\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eBuild: Upgrade type-fest to latest version 5.6.0 - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34791\"\u003e#34791\u003c/a\u003e, thanks \u003ca href=\"https://github.com/tobiasdiez\"\u003e\u003ccode\u003e@​tobiasdiez\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Run \u003ccode\u003enpx expo install --fix\u003c/code\u003e after init for Expo projects - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34803\"\u003e#34803\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Support \u003ccode\u003epeerDependencies\u003c/code\u003e in framework detection for component libraries - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34516\"\u003e#34516\u003c/a\u003e, thanks \u003ca href=\"https://github.com/zhyd1997\"\u003e\u003ccode\u003e@​zhyd1997\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eNext.js: Add useLinkStatus mock to next/link export mock - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34593\"\u003e#34593\u003c/a\u003e, thanks \u003ca href=\"https://github.com/philwolstenholme\"\u003e\u003ccode\u003e@​philwolstenholme\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eVue3: Specify a specific version for non-dev dependency - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34794\"\u003e#34794\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ScopeyNZ\"\u003e\u003ccode\u003e@​ScopeyNZ\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.4.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003cem\u003eAI-assisted setup, change-aware review, and stronger framework support\u003c/em\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eStorybook 10.4 contains hundreds of fixes and improvements including:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e🤖 Agentic Setup: New CLI workflow for AI-assisted Storybook setup and onboarding\u003c/li\u003e\n\u003cli\u003e🔍 Change review: Sidebar filtering to highlight new, modified, and related stories based on git changes\u003c/li\u003e\n\u003cli\u003e🧭 Sidebar review tools: Status filtering, URL-persisted filters, and clearer review signals in the sidebar\u003c/li\u003e\n\u003cli\u003e⚛️ TanStack React: New \u003ccode\u003e@storybook/tanstack-react\u003c/code\u003e framework with routing and server function support\u003c/li\u003e\n\u003cli\u003e🧩 React MCP: Faster, more accurate component docgen powered by the TypeScript Language Server\u003c/li\u003e\n\u003cli\u003e📱 React Native: Zero config RN project initialization\u003c/li\u003e\n\u003cli\u003e🤝 Sharing: Easily publish and share your local Storybook with teammates, powered by Chromatic\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eA11y: Add aria-live announcements via \u003ccode\u003e@​react-aria/live-announcer\u003c/code\u003e - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/33970\"\u003e#33970\u003c/a\u003e, thanks \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eA11y: Improve boolean control contrast in forced colors mode - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34204\"\u003e#34204\u003c/a\u003e, thanks \u003ca href=\"https://github.com/anchmelev\"\u003e\u003ccode\u003e@​anchmelev\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eActions: Fix state mutation and keep newest actions when limit reached - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34286\"\u003e#34286\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Docs: Add Reset story button to re-render stories in docs - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34086\"\u003e#34086\u003c/a\u003e, thanks \u003ca href=\"https://github.com/6810779s\"\u003e\u003ccode\u003e@​6810779s\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Docs: Avoid rerendering static Source blocks - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34206\"\u003e#34206\u003c/a\u003e, thanks \u003ca href=\"https://github.com/anchmelev\"\u003e\u003ccode\u003e@​anchmelev\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Vitest: Use Vitest's provide-API for injecting values - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34518\"\u003e#34518\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JReinhold\"\u003e\u003ccode\u003e@​JReinhold\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Add --extensive for an extra prompt - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34730\"\u003e#34730\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Allow failed stories to persist - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34717\"\u003e#34717\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Keep sample content if users want onboarding - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34704\"\u003e#34704\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAgentic Setup: Rework ai-init-opt-in logic - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34739\"\u003e#34739\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAngular: Use Story ID for renderer IDs (including standalone stories) - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/33982\"\u003e#33982\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ValentinFunk\"\u003e\u003ccode\u003e@​ValentinFunk\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAutomigration: Move RN on-device addons to \u003ccode\u003edeviceAddons\u003c/code\u003e - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34659\"\u003e#34659\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eBuilder-Vite: Add onModuleGraphChange method - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34323\"\u003e#34323\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ghengeveld\"\u003e\u003ccode\u003e@​ghengeveld\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Add automigrate check for 'storybook' package name conflict - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34290\"\u003e#34290\u003c/a\u003e, thanks \u003ca href=\"https://github.com/whdjh\"\u003e\u003ccode\u003e@​whdjh\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Add react-vite to tanstack-react automigration - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34718\"\u003e#34718\u003c/a\u003e, thanks \u003ca href=\"https://github.com/huang-julien\"\u003e\u003ccode\u003e@​huang-julien\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Change mock event detection - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34586\"\u003e#34586\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Explicitly tell whether smoke tests passed or failed - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34419\"\u003e#34419\u003c/a\u003e, thanks \u003ca href=\"https://github.com/Sidnioulz\"\u003e\u003ccode\u003e@​Sidnioulz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Fix Next.js Vite automigration corrupting configs already using \u003ccode\u003e@storybook/nextjs-vite\u003c/code\u003e - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34249\"\u003e#34249\u003c/a\u003e, thanks \u003ca href=\"https://github.com/nathanjessen\"\u003e\u003ccode\u003e@​nathanjessen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Fix agentic check - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34678\"\u003e#34678\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Handle minimumReleaseAge conflicts across package managers - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34769\"\u003e#34769\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JReinhold\"\u003e\u003ccode\u003e@​JReinhold\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Improve package incompatibility detection and warning - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34559\"\u003e#34559\u003c/a\u003e, thanks \u003ca href=\"https://github.com/copilot-swe-agent\"\u003e\u003ccode\u003e@​copilot-swe-agent\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Improve self-healing scoring observability - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34699\"\u003e#34699\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Introduce Agentic Setup workflow - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34297\"\u003e#34297\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCLI: Remove extensive prompt option  - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/34740\"\u003e#34740\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/cc19ae1a2145e8f7cda8dc869f1b90d5346dcedb\"\u003e\u003ccode\u003ecc19ae1\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;10.4.0\u0026quot; to \u0026quot;10.4.1\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/f8c16d115cfcf0f79125b358266c37e5343bb70d\"\u003e\u003ccode\u003ef8c16d1\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;10.4.0-beta.0\u0026quot; to \u0026quot;10.4.0\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/e02da0b0d4cf9673999184b8f11c85b026954b69\"\u003e\u003ccode\u003ee02da0b\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;10.4.0-alpha.19\u0026quot; to \u0026quot;10.4.0-beta.0\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/6fe5959088c671aab5abe1d633f62d2937b8ef47\"\u003e\u003ccode\u003e6fe5959\u003c/code\u003e\u003c/a\u003e Merge branch 'next' into next-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/f9810c79241094cb2f3b01e011e8641f9f59f8eb\"\u003e\u003ccode\u003ef9810c7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/storybookjs/storybook/tree/HEAD/code/core/issues/34769\"\u003e#34769\u003c/a\u003e from storybookjs/jeppe/handle-minimum-release-age\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/db9d52b4a9aae0b7bd8b0903fa39719d0a441b6a\"\u003e\u003ccode\u003edb9d52b\u003c/code\u003e\u003c/a\u003e format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/bdc688fb4046bfe61954b8954e522c439764c07d\"\u003e\u003ccode\u003ebdc688f\u003c/code\u003e\u003c/a\u003e fix documentation string\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/eed7d2aae813d1160850f79df93755f7870e00b2\"\u003e\u003ccode\u003eeed7d2a\u003c/code\u003e\u003c/a\u003e simplify error handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/429fb3e42609382e9d578cce3c8aa9817182c3c1\"\u003e\u003ccode\u003e429fb3e\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;10.4.0-alpha.18\u0026quot; to \u0026quot;10.4.0-alpha.19\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/79a8667f62ca826a3b0f1fb167e91260cf7bc911\"\u003e\u003ccode\u003e79a8667\u003c/code\u003e\u003c/a\u003e format\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/storybookjs/storybook/commits/v10.4.1/code/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.2.2 to 7.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.2...v7.3.3\"\u003e7.3.3\u003c/a\u003e (2026-05-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid destructure lowering for newer safari (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22346\"\u003e#22346\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e5ab51c0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca31424cccb075c88131132b929a63527d0e2b69\"\u003e\u003ccode\u003eca31424\u003c/code\u003e\u003c/a\u003e release: v7.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e\u003ccode\u003e5ab51c0\u003c/code\u003e\u003c/a\u003e fix: avoid destructure lowering for newer safari (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22346\"\u003e#22346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.3/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.28.5 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@remix-run/router` from 1.23.1 to 1.23.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/remix-run/react-router/blob/@remix-run/router@1.23.3/packages/router/CHANGELOG.md\"\u003e@​remix-run/router's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.23.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLift \u003ccode\u003edecodePath\u003c/code\u003e call out of hot path during route matching (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/15119\"\u003e#15119\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNormalize double slashes in redirect paths (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/15118\"\u003e#15118\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.23.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eValidate redirect locations (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14707\"\u003e#14707\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/651211cd615a4b3a1d3f6ca8465eedbcac4f146c\"\u003e\u003ccode\u003e651211c\u003c/code\u003e\u003c/a\u003e Release v6.30.4 (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/router/issues/15120\"\u003e#15120\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/4deb9c5234b0b81db910b635e31e3d2ce92937d1\"\u003e\u003ccode\u003e4deb9c5\u003c/code\u003e\u003c/a\u003e Lift decodePath call (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/router/issues/15119\"\u003e#15119\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/d77f6b1db8202e2160098432df349dbed118c948\"\u003e\u003ccode\u003ed77f6b1\u003c/code\u003e\u003c/a\u003e Normalize double slashes in redirect paths (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/router/issues/15118\"\u003e#15118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/f82a6f9a75a1284e33d91241ebe9242001031d9d\"\u003e\u003ccode\u003ef82a6f9\u003c/code\u003e\u003c/a\u003e Bring new release process into v6 branch (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/router/issues/15115\"\u003e#15115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/c662ca366a414bf42624dd6cd20a7c414b2602e3\"\u003e\u003ccode\u003ec662ca3\u003c/code\u003e\u003c/a\u003e chore: Update version for release (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/router/issues/14713\"\u003e#14713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/98ad6912daec8df0d911f786f18006048efd7ade\"\u003e\u003ccode\u003e98ad691\u003c/code\u003e\u003c/a\u003e chore: Update version for release (pre-v6) (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/router/issues/14710\"\u003e#14710\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/2fbb84c83dae3695a0435beb0c3c0b467b7c2da2\"\u003e\u003ccode\u003e2fbb84c\u003c/code\u003e\u003c/a\u003e Validate redirect locations (v6) (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/router/issues/14707\"\u003e#14707\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/remix-run/react-router/commits/@remix-run/router@1.23.3/packages/router\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github...\n\n_Description has been truncated_","html_url":"https://github.com/palmtreecorporation/testapp-sdk/pull/113","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/palmtreecorporation%2Ftestapp-sdk/issues/113","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/113/packages"}},{"old_version":"10.1.1","new_version":"10.2.5","update_type":"minor","path":null,"pr_created_at":"2026-05-31T06:40:51.000Z","version_change":"10.1.1 → 10.2.5","issue":{"uuid":"4556800382","node_id":"PR_kwDOSsxf0M7hDb1x","number":2,"state":"open","title":"chore(deps): bump the production-dependencies group with 23 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T06:40:51.000Z","updated_at":"2026-05-31T06:41:07.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"production-dependencies","update_count":23,"packages":[{"name":"@clack/prompts","old_version":"0.11.0","new_version":"1.5.0","repository_url":"https://github.com/bombshell-dev/clack"},{"name":"@floating-ui/dom","old_version":"1.7.4","new_version":"1.7.6","repository_url":"https://github.com/floating-ui/floating-ui"},{"name":"esbuild-sass-plugin","old_version":"3.6.0","new_version":"3.7.0","repository_url":"https://github.com/glromeo/esbuild-sass-plugin"},{"name":"flexsearch","old_version":"0.8.205","new_version":"0.8.212","repository_url":"https://github.com/nextapps-de/flexsearch"},{"name":"globby","old_version":"16.1.0","new_version":"16.2.0","repository_url":"https://github.com/sindresorhus/globby"},{"name":"lightningcss","old_version":"1.31.1","new_version":"1.32.0","repository_url":"https://github.com/parcel-bundler/lightningcss"},{"name":"minimatch","old_version":"10.1.1","new_version":"10.2.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"pixi.js","old_version":"8.15.0","new_version":"8.18.1","repository_url":"https://github.com/pixijs/pixijs"},{"name":"preact","old_version":"10.28.2","new_version":"10.29.2","repository_url":"https://github.com/preactjs/preact"},{"name":"preact-render-to-string","old_version":"6.6.5","new_version":"6.7.0","repository_url":"https://github.com/preactjs/preact-render-to-string"},{"name":"rehype-citation","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/timlrx/rehype-citation"},{"name":"rehype-pretty-code","old_version":"0.14.1","new_version":"0.14.3","repository_url":"https://github.com/rehype-pretty/rehype-pretty-code"},{"name":"satori","old_version":"0.19.1","new_version":"0.26.0","repository_url":"https://github.com/vercel/satori"},{"name":"serve-handler","old_version":"6.1.6","new_version":"6.1.7","repository_url":"https://github.com/vercel/serve-handler"},{"name":"shiki","old_version":"1.26.2","new_version":"4.1.0","repository_url":"https://github.com/shikijs/shiki"},{"name":"toml","old_version":"3.0.0","new_version":"4.1.1","repository_url":"https://github.com/BinaryMuse/toml-node"},{"name":"workerpool","old_version":"10.0.1","new_version":"10.0.2","repository_url":"https://github.com/josdejong/workerpool"},{"name":"ws","old_version":"8.19.0","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"@types/node","old_version":"25.0.10","new_version":"25.9.1","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"esbuild","old_version":"0.27.2","new_version":"0.27.7","repository_url":"https://github.com/evanw/esbuild"},{"name":"prettier","old_version":"3.8.1","new_version":"3.8.3","repository_url":"https://github.com/prettier/prettier"},{"name":"tsx","old_version":"4.21.0","new_version":"4.22.3","repository_url":"https://github.com/privatenumber/tsx"},{"name":"typescript","old_version":"5.9.3","new_version":"6.0.3","repository_url":"https://github.com/microsoft/TypeScript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the production-dependencies group with 23 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@clack/prompts](https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts) | `0.11.0` | `1.5.0` |\n| [@floating-ui/dom](https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom) | `1.7.4` | `1.7.6` |\n| [esbuild-sass-plugin](https://github.com/glromeo/esbuild-sass-plugin) | `3.6.0` | `3.7.0` |\n| [flexsearch](https://github.com/nextapps-de/flexsearch) | `0.8.205` | `0.8.212` |\n| [globby](https://github.com/sindresorhus/globby) | `16.1.0` | `16.2.0` |\n| [lightningcss](https://github.com/parcel-bundler/lightningcss) | `1.31.1` | `1.32.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `10.1.1` | `10.2.5` |\n| [pixi.js](https://github.com/pixijs/pixijs) | `8.15.0` | `8.18.1` |\n| [preact](https://github.com/preactjs/preact) | `10.28.2` | `10.29.2` |\n| [preact-render-to-string](https://github.com/preactjs/preact-render-to-string) | `6.6.5` | `6.7.0` |\n| [rehype-citation](https://github.com/timlrx/rehype-citation) | `2.3.1` | `2.3.2` |\n| [rehype-pretty-code](https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core) | `0.14.1` | `0.14.3` |\n| [satori](https://github.com/vercel/satori) | `0.19.1` | `0.26.0` |\n| [serve-handler](https://github.com/vercel/serve-handler) | `6.1.6` | `6.1.7` |\n| [shiki](https://github.com/shikijs/shiki/tree/HEAD/packages/shiki) | `1.26.2` | `4.1.0` |\n| [toml](https://github.com/BinaryMuse/toml-node) | `3.0.0` | `4.1.1` |\n| [workerpool](https://github.com/josdejong/workerpool) | `10.0.1` | `10.0.2` |\n| [ws](https://github.com/websockets/ws) | `8.19.0` | `8.21.0` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.0.10` | `25.9.1` |\n| [esbuild](https://github.com/evanw/esbuild) | `0.27.2` | `0.27.7` |\n| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` |\n| [tsx](https://github.com/privatenumber/tsx) | `4.21.0` | `4.22.3` |\n| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |\n\nUpdates `@clack/prompts` from 0.11.0 to 1.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bombshell-dev/clack/releases\"\u003e@​clack/prompts's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​clack/prompts\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/543\"\u003e#543\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/florian-lefebvre\"\u003e\u003ccode\u003e@​florian-lefebvre\u003c/code\u003e\u003c/a\u003e! - Adds support for Standard Schema validation\u003c/p\u003e\n\u003cp\u003ePrompts accept an optional \u003ccode\u003evalidate()\u003c/code\u003e function to validate user input. While a function provides more flexibility and customization over your validation, it can be a bit verbose. To help solve this, there are libraries that provide schema-based validation to make shorthand and type-strict validation substantially easier.\u003c/p\u003e\n\u003cp\u003eLibraries following the \u003ca href=\"https://github.com/standard-schema/standard-schema\"\u003eStandard Schema specification\u003c/a\u003e are now natively supported. For example, using \u003ca href=\"https://arktype.io/\"\u003eArktype\u003c/a\u003e:\u003c/p\u003e\n\u003cpre lang=\"diff\"\u003e\u003ccode\u003eimport { text } from '@clack/prompts';\nimport { type } from 'arktype';\n\u003cp\u003econst name = await text({\nmessage: 'Enter your email',\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003evalidate: type('string.email').describe('Invalid email'),\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/542\"\u003e#542\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a\"\u003e\u003ccode\u003eadb6af9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003ebox\u003c/code\u003e, \u003ccode\u003egroup\u003c/code\u003e, and \u003ccode\u003egroup-multi-select\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/534\"\u003e#534\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/MattStypa\"\u003e\u003ccode\u003e@​MattStypa\u003c/code\u003e\u003c/a\u003e! - Fixed spaces and uppercase characters in multiline prompt\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/540\"\u003e#540\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad\"\u003e\u003ccode\u003e3170ed9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003eautocomplete\u003c/code\u003e, \u003ccode\u003econfirm\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e prompts\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​clack/prompts\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e284677e: Support scrolling and \u003ccode\u003emaxItems\u003c/code\u003e option for \u003ccode\u003egroupMultiselect\u003c/code\u003e, and removes indent when \u003ccode\u003ewithGuide\u003c/code\u003e is set to \u003ccode\u003efalse\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eaab46a2: docs: add jsdoc for \u003ccode\u003etext\u003c/code\u003e, \u003ccode\u003epassword\u003c/code\u003e, and \u003ccode\u003emultiline\u003c/code\u003e prompts\u003c/li\u003e\n\u003cli\u003e54be8d7: Fix line wrapping and overflow computation in group multi-select and other list-like prompts.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [54be8d7]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​clack/prompts\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eea5702e: fix: add engines field expressing node \u0026gt;=20.12 requirement\u003c/li\u003e\n\u003cli\u003e814ab9a: Add new multiline prompt for multi-line text input.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bombshell-dev/clack/blob/main/packages/prompts/CHANGELOG.md\"\u003e@​clack/prompts's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.5.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/543\"\u003e#543\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/florian-lefebvre\"\u003e\u003ccode\u003e@​florian-lefebvre\u003c/code\u003e\u003c/a\u003e! - Adds support for Standard Schema validation\u003c/p\u003e\n\u003cp\u003ePrompts accept an optional \u003ccode\u003evalidate()\u003c/code\u003e function to validate user input. While a function provides more flexibility and customization over your validation, it can be a bit verbose. To help solve this, there are libraries that provide schema-based validation to make shorthand and type-strict validation substantially easier.\u003c/p\u003e\n\u003cp\u003eLibraries following the \u003ca href=\"https://github.com/standard-schema/standard-schema\"\u003eStandard Schema specification\u003c/a\u003e are now natively supported. For example, using \u003ca href=\"https://arktype.io/\"\u003eArktype\u003c/a\u003e:\u003c/p\u003e\n\u003cpre lang=\"diff\"\u003e\u003ccode\u003eimport { text } from '@clack/prompts';\nimport { type } from 'arktype';\n\u003cp\u003econst name = await text({\nmessage: 'Enter your email',\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003evalidate: type('string.email').describe('Invalid email'),\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/542\"\u003e#542\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a\"\u003e\u003ccode\u003eadb6af9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003ebox\u003c/code\u003e, \u003ccode\u003egroup\u003c/code\u003e, and \u003ccode\u003egroup-multi-select\u003c/code\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/534\"\u003e#534\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/MattStypa\"\u003e\u003ccode\u003e@​MattStypa\u003c/code\u003e\u003c/a\u003e! - Fixed spaces and uppercase characters in multiline prompt\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/bombshell-dev/clack/pull/540\"\u003e#540\u003c/a\u003e \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad\"\u003e\u003ccode\u003e3170ed9\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ghostdevv\"\u003e\u003ccode\u003e@​ghostdevv\u003c/code\u003e\u003c/a\u003e! - docs: add jsdoc for \u003ccode\u003eautocomplete\u003c/code\u003e, \u003ccode\u003econfirm\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e prompts\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.4.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e284677e: Support scrolling and \u003ccode\u003emaxItems\u003c/code\u003e option for \u003ccode\u003egroupMultiselect\u003c/code\u003e, and removes indent when \u003ccode\u003ewithGuide\u003c/code\u003e is set to \u003ccode\u003efalse\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eaab46a2: docs: add jsdoc for \u003ccode\u003etext\u003c/code\u003e, \u003ccode\u003epassword\u003c/code\u003e, and \u003ccode\u003emultiline\u003c/code\u003e prompts\u003c/li\u003e\n\u003cli\u003e54be8d7: Fix line wrapping and overflow computation in group multi-select and other list-like prompts.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [54be8d7]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​clack/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.3.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eea5702e: fix: add engines field expressing node \u0026gt;=20.12 requirement\u003c/li\u003e\n\u003cli\u003e814ab9a: Add new multiline prompt for multi-line text input.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/030ba4d776e5985050c0e2712da7008bd93b8847\"\u003e\u003ccode\u003e030ba4d\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/539\"\u003e#539\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6\"\u003e\u003ccode\u003e83428ac\u003c/code\u003e\u003c/a\u003e feat: standard schema for validation (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a\"\u003e\u003ccode\u003eadb6af9\u003c/code\u003e\u003c/a\u003e docs: add jsdoc for \u003ccode\u003ebox\u003c/code\u003e, \u003ccode\u003egroup\u003c/code\u003e, and \u003ccode\u003egroup-multi-select\u003c/code\u003e (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/542\"\u003e#542\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad\"\u003e\u003ccode\u003e3170ed9\u003c/code\u003e\u003c/a\u003e docs: add jsdoc for \u003ccode\u003eautocomplete\u003c/code\u003e, \u003ccode\u003econfirm\u003c/code\u003e, and \u003ccode\u003epath\u003c/code\u003e prompts (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/540\"\u003e#540\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364\"\u003e\u003ccode\u003e3dcb31a\u003c/code\u003e\u003c/a\u003e fix: spaces and uppercase characters in multiline input (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/534\"\u003e#534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/fe2bcd278635fc0aaf2482ed0aea82d57ae1c421\"\u003e\u003ccode\u003efe2bcd2\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/aab46a2a7ed85627743bdbf0da30acc8b2ace385\"\u003e\u003ccode\u003eaab46a2\u003c/code\u003e\u003c/a\u003e docs: add jsdoc for \u003ccode\u003etext\u003c/code\u003e, \u003ccode\u003epassword\u003c/code\u003e, and \u003ccode\u003emultiline\u003c/code\u003e prompts (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/523\"\u003e#523\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/54be8d7a75c952b2157e94a78f70d40fa2d5321e\"\u003e\u003ccode\u003e54be8d7\u003c/code\u003e\u003c/a\u003e fix: trim lines from correct end (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/532\"\u003e#532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/284677eaae0c461dafccfe1eb3e8c32fcebd6bbf\"\u003e\u003ccode\u003e284677e\u003c/code\u003e\u003c/a\u003e feat(prompts): support maxItems in groupMultiselect (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/528\"\u003e#528\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bombshell-dev/clack/commit/05bfd4353592016cf3f4c941f663fab84c14edb2\"\u003e\u003ccode\u003e05bfd43\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bombshell-dev/clack/commits/@clack/prompts@1.5.0/packages/prompts\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​clack/prompts\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@floating-ui/dom` from 1.7.4 to 1.7.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/floating-ui/floating-ui/releases\"\u003e@​floating-ui/dom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​floating-ui/dom\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.7.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(types): ensure \u003ccode\u003ePlatform\u003c/code\u003e type contains \u003ccode\u003edetectOverflow\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003eperf: bundle and runtime improvements\u003c/li\u003e\n\u003cli\u003efeat(autoUpdate): allow not passing a floating element\u003c/li\u003e\n\u003cli\u003eUpdate dependencies: \u003ccode\u003e@floating-ui/utils@0.2.11\u003c/code\u003e, \u003ccode\u003e@floating-ui/core@1.7.5\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/floating-ui/floating-ui/blob/master/packages/dom/CHANGELOG.md\"\u003e@​floating-ui/dom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.7.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(types): ensure \u003ccode\u003ePlatform\u003c/code\u003e type contains \u003ccode\u003edetectOverflow\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003eperf: bundle and runtime improvements\u003c/li\u003e\n\u003cli\u003efeat(autoUpdate): allow not passing a floating element\u003c/li\u003e\n\u003cli\u003eUpdate dependencies: \u003ccode\u003e@floating-ui/utils@0.2.11\u003c/code\u003e, \u003ccode\u003e@floating-ui/core@1.7.5\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.7.5\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate dependencies: \u003ccode\u003e@floating-ui/core@1.7.4\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/d8020ee98c702caa31fa9b4d929ca782c6b58c59\"\u003e\u003ccode\u003ed8020ee\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3445\"\u003e#3445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/6e63557c89af9b92f50635cdc993a4b7bbcd9345\"\u003e\u003ccode\u003e6e63557\u003c/code\u003e\u003c/a\u003e feat(autoUpdate): allow not passing a floating element (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3399\"\u003e#3399\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/473aa1e2ff22594ed782842d2d9e816a982188cc\"\u003e\u003ccode\u003e473aa1e\u003c/code\u003e\u003c/a\u003e perf: bundle and runtime improvements (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3448\"\u003e#3448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/a82e45f175bb1a518d3934d747c1b767f558d171\"\u003e\u003ccode\u003ea82e45f\u003c/code\u003e\u003c/a\u003e fix(utils): stop treating \u003ccode\u003econtainer-type\u003c/code\u003e as creating containing block (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3437\"\u003e#3437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/eedda374962cc3fd6c5add6b6cd54b0bea9baa60\"\u003e\u003ccode\u003eeedda37\u003c/code\u003e\u003c/a\u003e fix(types): ensure \u003ccode\u003ePlatform\u003c/code\u003e type includes \u003ccode\u003edetectOverflow\u003c/code\u003e type (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3434\"\u003e#3434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/floating-ui/floating-ui/commit/b4d1407cbda07ef13bcac24ee0b3ac67216c9c57\"\u003e\u003ccode\u003eb4d1407\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom/issues/3415\"\u003e#3415\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/floating-ui/floating-ui/commits/@floating-ui/dom@1.7.6/packages/dom\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​floating-ui/dom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild-sass-plugin` from 3.6.0 to 3.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/glromeo/esbuild-sass-plugin/releases\"\u003eesbuild-sass-plugin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.7.0 Hasta la vista\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/glromeo/esbuild-sass-plugin/commits/v3.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flexsearch` from 0.8.205 to 0.8.212\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nextapps-de/flexsearch/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `globby` from 16.1.0 to 16.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/globby/releases\"\u003eglobby's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ca href=\"https://github.com/sindresorhus/globby?tab=readme-ov-file#globalgitignore\"\u003e\u003ccode\u003eglobalGitignore\u003c/code\u003e\u003c/a\u003e option  51555b2\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/globby/compare/v16.1.1...v16.2.0\"\u003ehttps://github.com/sindresorhus/globby/compare/v16.1.1...v16.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev16.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix negation patterns with absolute filesystem paths  72e9916\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/globby/compare/v16.1.0...v16.1.1\"\u003ehttps://github.com/sindresorhus/globby/compare/v16.1.0...v16.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/60e816778abd4fc805d8ce2e981567759b035504\"\u003e\u003ccode\u003e60e8167\u003c/code\u003e\u003c/a\u003e 16.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/51555b26d780002f2fe7b2aaddc45f36d8ad339d\"\u003e\u003ccode\u003e51555b2\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003eglobalGitignore\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/8d946e288354c8ed87e7848e8a9f684c4b840f28\"\u003e\u003ccode\u003e8d946e2\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/ff45aa5140eaf6c9e6637fdbfa19ec23d55bd388\"\u003e\u003ccode\u003eff45aa5\u003c/code\u003e\u003c/a\u003e 16.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globby/commit/72e991615df2da0ff3c12980ddfcdc60e4848f6f\"\u003e\u003ccode\u003e72e9916\u003c/code\u003e\u003c/a\u003e Fix negation patterns with absolute filesystem paths\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sindresorhus/globby/compare/v16.1.0...v16.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lightningcss` from 1.31.1 to 1.32.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/parcel-bundler/lightningcss/releases\"\u003elightningcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.32.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/880\"\u003eEnable custom resolvers to mark imports as external\u003c/a\u003e. Resolvers may now return \u003ccode\u003e{external: string}\u003c/code\u003e to mark an import as external. This will leave the \u003ccode\u003e@import\u003c/code\u003e in the output CSS instead of bundling it. See \u003ca href=\"https://lightningcss.dev/bundling.html#custom-resolvers\"\u003ethe docs\u003c/a\u003e for details.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1170\"\u003eAllow visitors to add dependencies\u003c/a\u003e. Visitors may now be functions which receive an \u003ccode\u003eaddDependency\u003c/code\u003e function as an option. Dependencies may be used by tools that call Lightning CSS such as bundlers to implement file watching or caching. See \u003ca href=\"https://lightningcss.dev/transforms.html#dependencies\"\u003ethe docs\u003c/a\u003e for details.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1148\"\u003eAdd \u003ccode\u003emix-blend-mode\u003c/code\u003e property support\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1152\"\u003eOutput unknown \u003ccode\u003ecolor-scheme\u003c/code\u003e keywords as-is instead of \u003ccode\u003enormal\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1147\"\u003eImproved serialization of the rotate property\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1145\"\u003ekeep a single space between functions when formatting \u003ccode\u003etransform\u003c/code\u003e values\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1142\"\u003eFix additionally inserted whitespace in \u003ccode\u003evar(--foo,)\u003c/code\u003e and \u003ccode\u003eenv(--foo,)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/parcel-bundler/lightningcss/pull/1174\"\u003eConvert the percentage in the \u003ccode\u003escale\u003c/code\u003e property or \u003ccode\u003escale()\u003c/code\u003e to a number\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/parcel-bundler/lightningcss/commit/836741b5ecc4ae70289b2a26ce265df6c8486357\"\u003eupdate compat data\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/parcel-bundler/lightningcss/commits/v1.32.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 10.1.1 to 10.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/minimatch/blob/main/changelog.md\"\u003eminimatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003echange log\u003c/h1\u003e\n\u003ch2\u003e10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ebraceExpandMax\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003emagicalBraces\u003c/code\u003e option for \u003ccode\u003eescape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when \u003ccode\u003epartial: true\u003c/code\u003e is set.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when pattern ends in a final \u003ccode\u003e**\u003c/code\u003e path part.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire node 20 or 22 and higher\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo default export, only named exports.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRecursive descent parser for extglob, allowing correct support\nfor arbitrarily nested extglob expressions\u003c/li\u003e\n\u003cli\u003eBump required Node.js version\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eunescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eMinimatch.hasMagic()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for posix character classes in a unicode-aware way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ewindowsNoMagicRoot\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eoptimizationLevel\u003c/code\u003e configuration option, and revert the\ndefault back to the 6.2 style minimal optimizations, making the\nadvanced transforms introduced in 7.0 opt-in. Also, process\nprovided file paths in the same way in optimizationLevel:2\nmode, so \u003cem\u003emost\u003c/em\u003e things that matched with optimizationLevel 1 or\n0 \u003cem\u003eshould\u003c/em\u003e match with level 2 as well. However, level 1 is the\ndefault, out of an abundance of caution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/693c82377d0948401be4c6d3220c9a74132ab112\"\u003e\u003ccode\u003e693c823\u003c/code\u003e\u003c/a\u003e 10.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7953af1fac53267c05e362f036b70de898318faa\"\u003e\u003ccode\u003e7953af1\u003c/code\u003e\u003c/a\u003e do not allow .. to consume drive letter on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1caf91893b67586255c68e2e513b14ac66785a24\"\u003e\u003ccode\u003e1caf918\u003c/code\u003e\u003c/a\u003e lint and format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7783ed6670442acb4d455b9b164a1b2a33507a45\"\u003e\u003ccode\u003e7783ed6\u003c/code\u003e\u003c/a\u003e ignore docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/6d9b356cd59372de00e1d5f3b8907a3350b9b8e5\"\u003e\u003ccode\u003e6d9b356\u003c/code\u003e\u003c/a\u003e update deps etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/c36addb94e33f14254b9ca9017e63ae9c9d80d1d\"\u003e\u003ccode\u003ec36addb\u003c/code\u003e\u003c/a\u003e 10.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26b90027d5ad0c383b5253a4e45d6dc7da282db4\"\u003e\u003ccode\u003e26b9002\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/3a0d83b6f03a17ebc15361c2faa7110777042aab\"\u003e\u003ccode\u003e3a0d83b\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ea94840326c3f40522f1b544bd2303024b0eec35\"\u003e\u003ccode\u003eea94840\u003c/code\u003e\u003c/a\u003e 10.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0873fbabc00a86e09f4469386059a71abb136c93\"\u003e\u003ccode\u003e0873fba\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v10.1.1...v10.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `pixi.js` from 8.15.0 to 8.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pixijs/pixijs/releases\"\u003epixi.js's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.1\u003c/h2\u003e\n\u003ch2\u003e💾 Download\u003c/h2\u003e\n\u003cp\u003eInstallation:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003enpm install pixi.js@8.18.1\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eDevelopment Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProduction Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.1/dist/pixi.min.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pixijs.download/v8.18.1/docs/index.html\"\u003ehttps://pixijs.download/v8.18.1/docs/index.html\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pixijs/pixijs/compare/v8.18.0...v8.18.1\"\u003ehttps://github.com/pixijs/pixijs/compare/v8.18.0...v8.18.1\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🐛 Fixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: prevent error when using \u003ccode\u003eApplication.domContainerRoot\u003c/code\u003e in Node.js by \u003ca href=\"https://github.com/UlyssesZh\"\u003e\u003ccode\u003e@​UlyssesZh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pixijs/pixijs/pull/12017\"\u003epixijs/pixijs#12017\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003e💾 Download\u003c/h2\u003e\n\u003cp\u003eInstallation:\u003c/p\u003e\n\u003cpre lang=\"bash\"\u003e\u003ccode\u003enpm install pixi.js@8.18.0\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eDevelopment Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProduction Build:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.js\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.js\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.mjs\"\u003ehttps://cdn.jsdelivr.net/npm/pixi.js@8.18.0/dist/pixi.min.mjs\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDocumentation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pixijs.download/v8.18.0/docs/index.html\"\u003ehttps://pixijs.download/v8.18.0/docs/index.html\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pixijs/pixijs/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/pixijs/pixijs/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🚨 Behavior Change\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003etext.width\u003c/code\u003e and word wrap returning incorrect values by \u003ca href=\"https://github.com/Zyie\"\u003e\u003ccode\u003e@​Zyie\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pixijs/pixijs/pull/12007\"\u003epixijs/pixijs#12007\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eText\u003c/code\u003e/\u003ccode\u003eHTMLText\u003c/code\u003e/\u003ccode\u003eBitmapText\u003c/code\u003e with \u003ccode\u003ewordWrap: true\u003c/code\u003e and non-left \u003ccode\u003ealign\u003c/code\u003e (\u003ccode\u003ecenter\u003c/code\u003e/\u003ccode\u003eright\u003c/code\u003e/\u003ccode\u003ejustify\u003c/code\u003e) now return the true rendered width from \u003ccode\u003etext.width\u003c/code\u003e instead of reporting \u003ccode\u003ewordWrapWidth\u003c/code\u003e. If you relied on \u003ccode\u003etext.width === wordWrapWidth\u003c/code\u003e for layout, use \u003ccode\u003ewordWrapWidth\u003c/code\u003e directly or wrap the text in a sized container.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/8f42bb760872ed6652775d00a4de448ac277e783\"\u003e\u003ccode\u003e8f42bb7\u003c/code\u003e\u003c/a\u003e v8.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/1947eb616e415af7fe9c0436239d93991d58d27f\"\u003e\u003ccode\u003e1947eb6\u003c/code\u003e\u003c/a\u003e fix: prevent error when using Application.domContainerRoot in Node.js (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12017\"\u003e#12017\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/2c5818b0e75b835ba5980844136b10cbdc3982a9\"\u003e\u003ccode\u003e2c5818b\u003c/code\u003e\u003c/a\u003e v8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/39d22791e09959d59bee5d90ed7ccb6db06d8c47\"\u003e\u003ccode\u003e39d2279\u003c/code\u003e\u003c/a\u003e chore: move \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e to production dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/1c1f19364f27508ab1cc9043e27ba15cf4741b3e\"\u003e\u003ccode\u003e1c1f193\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e to 0.8.12 (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12016\"\u003e#12016\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/7a8f55c37f60ffe887ca318ac22d12331f733760\"\u003e\u003ccode\u003e7a8f55c\u003c/code\u003e\u003c/a\u003e feat: add graphicsContextToSvg() for Graphics → SVG export (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/11989\"\u003e#11989\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/16dad504f68bfee55987c6a2a3aef1d98f36f1f9\"\u003e\u003ccode\u003e16dad50\u003c/code\u003e\u003c/a\u003e fix: TilingSprite tilePosition divided by resolution when using Canvas render...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/5e4640bbc3e1a9d4cb0203f57d891da30f65d395\"\u003e\u003ccode\u003e5e4640b\u003c/code\u003e\u003c/a\u003e fix: SplitText baseline mismatch when tagStyles used with lineHeight (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12008\"\u003e#12008\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/19b206cd41c86940dbfcc441367141108382eadb\"\u003e\u003ccode\u003e19b206c\u003c/code\u003e\u003c/a\u003e fix: move CanvasFilterSystem to filters module (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/12014\"\u003e#12014\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pixijs/pixijs/commit/1b9b7d0c83f35ba05500dc81cbb2433962ca025a\"\u003e\u003ccode\u003e1b9b7d0\u003c/code\u003e\u003c/a\u003e fix: Handle literal \u003ccode\u003e\u0026lt;\u003c/code\u003e characters in parseTaggedText (\u003ca href=\"https://redirect.github.com/pixijs/pixijs/issues/11972\"\u003e#11972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pixijs/pixijs/compare/v8.15.0...v8.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `preact` from 10.28.2 to 10.29.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/preactjs/preact/releases\"\u003epreact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e10.29.2\u003c/h2\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix hydration when we have defaultValue or value on a textarea (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5081\"\u003e#5081\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMaintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CODEOWNERS for GitHub configuration (v10.x) (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5088\"\u003e#5088\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix trusted publishing workflow (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5084\"\u003e#5084\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrusted publishing (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5072\"\u003e#5072\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.29.1\u003c/h2\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCreate a unique event-clock for each Preact instance on a page. (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5068\"\u003e#5068\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix incorrect DOM order with conditional ContextProvider and inner keys (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5067\"\u003e#5067\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMaintenance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: Remove postinstall script for playwright setup (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5063\"\u003e#5063\u003c/a\u003e, thanks \u003ca href=\"https://github.com/rschristian\"\u003e\u003ccode\u003e@​rschristian\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: speed up tests by using playwright instead of webdriverio (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5060\"\u003e#5060\u003c/a\u003e, thanks \u003ca href=\"https://github.com/marvinhagemeister\"\u003e\u003ccode\u003e@​marvinhagemeister\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: migrate remaining .js -\u0026gt; .jsx files (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5059\"\u003e#5059\u003c/a\u003e, thanks \u003ca href=\"https://github.com/marvinhagemeister\"\u003e\u003ccode\u003e@​marvinhagemeister\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echore: rename \u003ccode\u003e.test.js\u003c/code\u003e -\u0026gt; \u003ccode\u003e.test.jsx\u003c/code\u003e when JSX is used (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5058\"\u003e#5058\u003c/a\u003e, thanks \u003ca href=\"https://github.com/marvinhagemeister\"\u003e\u003ccode\u003e@​marvinhagemeister\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMigrate from biome to oxfmt (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5033\"\u003e#5033\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.29.0\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement flushSync (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5036\"\u003e#5036\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure we reset renderCount (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5017\"\u003e#5017\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eundefined prototype (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5041\"\u003e#5041\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePerformance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGolf down compat (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5025\"\u003e#5025\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.28.4\u003c/h2\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix crash where a synchronous effect render unmounts the tree (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5026\"\u003e#5026\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePerformance\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCore size optimizations (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5022\"\u003e#5022\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHooks size optimizations (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5021\"\u003e#5021\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake oldProps diffing more compact (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5004\"\u003e#5004\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5019\"\u003e#5019\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCompat size optimizations (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5020\"\u003e#5020\u003c/a\u003e, thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/fce6ed7a6d5f2c7333d9c26fb09f5bb9e929a737\"\u003e\u003ccode\u003efce6ed7\u003c/code\u003e\u003c/a\u003e 10.29.2 (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5091\"\u003e#5091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/84581d0b9bcc8788058fa171f437445471fc0f9f\"\u003e\u003ccode\u003e84581d0\u003c/code\u003e\u003c/a\u003e Fix buggy edge case (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5090\"\u003e#5090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/5a39554bbde4f7768e2537f19896e3ea7cbb592b\"\u003e\u003ccode\u003e5a39554\u003c/code\u003e\u003c/a\u003e Add CODEOWNERS for GitHub configuration (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5088\"\u003e#5088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/562e0f510bb98ccc73d0fea4e8c1339a3cb1da07\"\u003e\u003ccode\u003e562e0f5\u003c/code\u003e\u003c/a\u003e Fix trusted publishing workflow (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5084\"\u003e#5084\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/3a012555a9cd572fb85016c915ac61aecded51b7\"\u003e\u003ccode\u003e3a01255\u003c/code\u003e\u003c/a\u003e Trusted publishing (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5072\"\u003e#5072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/cae8d3a4a6695809e287ec7fddd992db377a1234\"\u003e\u003ccode\u003ecae8d3a\u003c/code\u003e\u003c/a\u003e Fix migrations when we have defaultValue or value on a textarea (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5081\"\u003e#5081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/4dc9b508dd37544b858bfa52d28e12d219effdbb\"\u003e\u003ccode\u003e4dc9b50\u003c/code\u003e\u003c/a\u003e 10.29.1 (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5071\"\u003e#5071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/0560f9aa1eb7f329033eca51b4c50ade5fb8396e\"\u003e\u003ccode\u003e0560f9a\u003c/code\u003e\u003c/a\u003e Create a unique event-clock for each Preact instance on a page. (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5068\"\u003e#5068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/cda06de806a3244c3dd318dfc2b4c7bf2aca6a9a\"\u003e\u003ccode\u003ecda06de\u003c/code\u003e\u003c/a\u003e Fix incorrect DOM order with conditional ContextProvider and inner keys (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/506\"\u003e#506\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact/commit/c859700e53196465607b2a351a2133b1a4d8834a\"\u003e\u003ccode\u003ec859700\u003c/code\u003e\u003c/a\u003e fix: Remove postinstall script for playwright setup (\u003ca href=\"https://redirect.github.com/preactjs/preact/issues/5063\"\u003e#5063\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/preactjs/preact/compare/10.28.2...10.29.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for preact since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `preact-render-to-string` from 6.6.5 to 6.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/preactjs/preact-render-to-string/releases\"\u003epreact-render-to-string's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/450\"\u003e#450\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/dbc692fd60a9187174491a085d60e635560cb8c6\"\u003e\u003ccode\u003edbc692f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Adjust the comment-marker for streaming to be the same as renderToStringAsync where we use \\$s\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/461\"\u003e#461\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/e32a4cd8e7cb06d906a8854616d109c2d2a0189f\"\u003e\u003ccode\u003ee32a4cd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Reject unsafe namespaced attribute names before normalizing SVG/XML attribute casing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.6.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/457\"\u003e#457\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/ce6ef7153113af70c32ee952d0fbce01e0115de4\"\u003e\u003ccode\u003ece6ef71\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/lemonmade\"\u003e\u003ccode\u003e@​lemonmade\u003c/code\u003e\u003c/a\u003e! - fix: renderToStringAsync produces commas for suspended components with complex children\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.6.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/446\"\u003e#446\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/b7b288c68ed8c97ed8eb6c26929111debdc03435\"\u003e\u003ccode\u003eb7b288c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Fix issues regarding streaming full HTML documents\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/preactjs/preact-render-to-string/blob/main/CHANGELOG.md\"\u003epreact-render-to-string's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.7.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/450\"\u003e#450\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/dbc692fd60a9187174491a085d60e635560cb8c6\"\u003e\u003ccode\u003edbc692f\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Adjust the comment-marker for streaming to be the same as renderToStringAsync where we use $s\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/461\"\u003e#461\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/e32a4cd8e7cb06d906a8854616d109c2d2a0189f\"\u003e\u003ccode\u003ee32a4cd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Reject unsafe namespaced attribute names before normalizing SVG/XML attribute casing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.6.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/457\"\u003e#457\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/ce6ef7153113af70c32ee952d0fbce01e0115de4\"\u003e\u003ccode\u003ece6ef71\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/lemonmade\"\u003e\u003ccode\u003e@​lemonmade\u003c/code\u003e\u003c/a\u003e! - fix: renderToStringAsync produces commas for suspended components with complex children\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.6.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/pull/446\"\u003e#446\u003c/a\u003e \u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/b7b288c68ed8c97ed8eb6c26929111debdc03435\"\u003e\u003ccode\u003eb7b288c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/JoviDeCroock\"\u003e\u003ccode\u003e@​JoviDeCroock\u003c/code\u003e\u003c/a\u003e! - Fix issues regarding streaming full HTML documents\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/eb871c8e808ed94bcd95824b10048683d4ccb358\"\u003e\u003ccode\u003eeb871c8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/460\"\u003e#460\u003c/a\u003e from preactjs/changeset-release/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/b22fc16c3aa8efcd15e33f01b2e9acfd4500f3be\"\u003e\u003ccode\u003eb22fc16\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/833043bc3463c81094464f3143fab3469e2e1052\"\u003e\u003ccode\u003e833043b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/461\"\u003e#461\u003c/a\u003e from preactjs/fix-link\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/e32a4cd8e7cb06d906a8854616d109c2d2a0189f\"\u003e\u003ccode\u003ee32a4cd\u003c/code\u003e\u003c/a\u003e Reject namespaced attribute\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/990307a99cace84c67bd7520a6bd32cffa9ad219\"\u003e\u003ccode\u003e990307a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/458\"\u003e#458\u003c/a\u003e from preactjs/changesets-based-publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/bcd3b0b1618dc825a37aef2f8f2052a4b10c8345\"\u003e\u003ccode\u003ebcd3b0b\u003c/code\u003e\u003c/a\u003e Pin npm in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/950a59f11fd0c392890332401f2deb16cdd8b012\"\u003e\u003ccode\u003e950a59f\u003c/code\u003e\u003c/a\u003e Add changesets based publishing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/797a662aa267c917fcb446cd92129066db682b6e\"\u003e\u003ccode\u003e797a662\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/450\"\u003e#450\u003c/a\u003e from preactjs/id-adjustements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/df713c5a475baf34b26a77a6c1f00ad078d73a68\"\u003e\u003ccode\u003edf713c5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/preactjs/preact-render-to-string/issues/454\"\u003e#454\u003c/a\u003e from preactjs/changeset-release/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/preactjs/preact-render-to-string/commit/39da545985de82cac948cdb52081e52bf76591f5\"\u003e\u003ccode\u003e39da545\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/preactjs/preact-render-to-string/compare/v6.6.5...v6.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rehype-citation` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/timlrx/rehype-citation/releases\"\u003erehype-citation's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate dependencies by \u003ca href=\"https://github.com/timlrx\"\u003e\u003ccode\u003e@​timlrx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/pull/60\"\u003etimlrx/rehype-citation#60\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update ci and netlify node version by \u003ca href=\"https://github.com/timlrx\"\u003e\u003ccode\u003e@​timlrx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/pull/61\"\u003etimlrx/rehype-citation#61\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: footnote typing by \u003ca href=\"https://github.com/timlrx\"\u003e\u003ccode\u003e@​timlrx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/pull/62\"\u003etimlrx/rehype-citation#62\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/timlrx/rehype-citation/compare/v2.3.1...v2.3.2\"\u003ehttps://github.com/timlrx/rehype-citation/compare/v2.3.1...v2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/19a9f4dfb9815fc16d0df53aa93a8b2a954ef3ba\"\u003e\u003ccode\u003e19a9f4d\u003c/code\u003e\u003c/a\u003e 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/d785742ee34ae15c4562309623567b4e5e4fb639\"\u003e\u003ccode\u003ed785742\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/issues/62\"\u003e#62\u003c/a\u003e from timlrx/fix-footnote-type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/dbfce4828e1c991fd5645908aff7aba5aef54ff2\"\u003e\u003ccode\u003edbfce48\u003c/code\u003e\u003c/a\u003e fix: footnote typing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/b3d64a086836f998de5801b42952738be7d38128\"\u003e\u003ccode\u003eb3d64a0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/issues/61\"\u003e#61\u003c/a\u003e from timlrx/update-ci-node-version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/21e59f74581be2d9c82ca7a0789f2c24fa9bda50\"\u003e\u003ccode\u003e21e59f7\u003c/code\u003e\u003c/a\u003e chore: update netlify node version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/eceb790b3886da8502a6e0e33f40b5be44ca9931\"\u003e\u003ccode\u003eeceb790\u003c/code\u003e\u003c/a\u003e chore: update ci node version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/a86aec612e8da9756fcc562c137cdc6cd289f9a7\"\u003e\u003ccode\u003ea86aec6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/timlrx/rehype-citation/issues/60\"\u003e#60\u003c/a\u003e from timlrx/update-dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/17966586b5fceef9a6a6c5804e02ff7c1107b0c9\"\u003e\u003ccode\u003e1796658\u003c/code\u003e\u003c/a\u003e chore: update to tailwind v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/6bcf5a58967b050862287f2d9b81a56b35146952\"\u003e\u003ccode\u003e6bcf5a5\u003c/code\u003e\u003c/a\u003e chore: sync changes from citation-js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/timlrx/rehype-citation/commit/67a76f2054a5ce3db6e139569f0262a6248e28a9\"\u003e\u003ccode\u003e67a76f2\u003c/code\u003e\u003c/a\u003e chore: update outdated link\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/timlrx/rehype-citation/compare/v2.3.1...v2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rehype-pretty-code` from 0.14.1 to 0.14.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/releases\"\u003erehype-pretty-code's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erehype-pretty-code@0.14.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Shiki 4\u003c/li\u003e\n\u003cli\u003echore: fix npm OIDC trusted publishing workflow\u003c/li\u003e\n\u003cli\u003edocs: update docs with renamed shiki function: \u003ccode\u003egetHighlighter\u003c/code\u003e -\u0026gt; \u003ccode\u003ecreateHighlighter\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/blob/master/packages/core/CHANGELOG.md\"\u003erehype-pretty-code's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.14.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: fix npm OIDC trusted publishing workflow\u003c/li\u003e\n\u003cli\u003edocs: update docs with renamed shiki function: \u003ccode\u003egetHighlighter\u003c/code\u003e -\u0026gt; \u003ccode\u003ecreateHighlighter\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.14.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Shiki 4\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commit/8c3530faea43a7e23ed5e301024d2860970e9594\"\u003e\u003ccode\u003e8c3530f\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core/issues/270\"\u003e#270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commit/9b53bd13bd7d4c878e9151f5151c5923757889ae\"\u003e\u003ccode\u003e9b53bd1\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core/issues/268\"\u003e#268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commit/d14e99613309c386116d26f8f815ffd682e1ed46\"\u003e\u003ccode\u003ed14e996\u003c/code\u003e\u003c/a\u003e Support Shiki 4 (\u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/tree/HEAD/packages/core/issues/267\"\u003e#267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rehype-pretty/rehype-pretty-code/commits/rehype-pretty-code@0.14.3/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for rehype-pretty-code since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `satori` from 0.19.1 to 0.26.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/satori/releases\"\u003esatori's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.26.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.25.0...0.26.0\"\u003e0.26.0\u003c/a\u003e (2026-03-20)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuiltin minimal JSX runtime (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/737\"\u003e#737\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/eab60eeecca1bcefc95d69a674f20f572155fe26\"\u003eeab60ee\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.25.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.24.1...0.25.0\"\u003e0.25.0\u003c/a\u003e (2026-03-05)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCSS variables (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/736\"\u003e#736\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/d2469131e1e42c0c599c3be108ba9b500cc99ca0\"\u003ed246913\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.24.0...0.24.1\"\u003e0.24.1\u003c/a\u003e (2026-03-03)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsistent text positioning when embedFont is false (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/723\"\u003e#723\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/dc07b7002bdc5b6f1915149c5510ff79b4587816\"\u003edc07b70\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.23.0...0.24.0\"\u003e0.24.0\u003c/a\u003e (2026-03-03)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved object-position support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/734\"\u003e#734\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/9377f705f6511fadf8fb01dbbda960fe7b2732ab\"\u003e9377f70\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.23.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.22.0...0.23.0\"\u003e0.23.0\u003c/a\u003e (2026-03-03)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd text-indent support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/733\"\u003e#733\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/2b7e8255c8c368df1ec61d050ccf3ffc7d0b47ff\"\u003e2b7e825\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.22.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.21.0...0.22.0\"\u003e0.22.0\u003c/a\u003e (2026-03-03)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for object-fit \u003ccode\u003efill\u003c/code\u003e and \u003ccode\u003escale-down\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/732\"\u003e#732\u003c/a\u003e) (\u003ca href=\"https://github.com/vercel/satori/commit/453fd917b137a16f3cf514017e262c7e53527e5f\"\u003e453fd91\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.21.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/vercel/satori/compare/0.20.0...0.21.0\"\u003e0.21.0\u003c/a\u003e (2026-03-02)\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/eab60eeecca1bcefc95d69a674f20f572155fe26\"\u003e\u003ccode\u003eeab60ee\u003c/code\u003e\u003c/a\u003e feat: builtin minimal JSX runtime (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/737\"\u003e#737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/d2469131e1e42c0c599c3be108ba9b500cc99ca0\"\u003e\u003ccode\u003ed246913\u003c/code\u003e\u003c/a\u003e feat: CSS variables (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/736\"\u003e#736\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/dc07b7002bdc5b6f1915149c5510ff79b4587816\"\u003e\u003ccode\u003edc07b70\u003c/code\u003e\u003c/a\u003e fix: Consistent text positioning when embedFont is false (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/723\"\u003e#723\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/54a749b3326e3b43d2d81149679d832c9d47f9dc\"\u003e\u003ccode\u003e54a749b\u003c/code\u003e\u003c/a\u003e chore: export InitInput and allow Promise (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/726\"\u003e#726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/9377f705f6511fadf8fb01dbbda960fe7b2732ab\"\u003e\u003ccode\u003e9377f70\u003c/code\u003e\u003c/a\u003e feat: Improved object-position support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/734\"\u003e#734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/2b7e8255c8c368df1ec61d050ccf3ffc7d0b47ff\"\u003e\u003ccode\u003e2b7e825\u003c/code\u003e\u003c/a\u003e feat: Add text-indent support (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/733\"\u003e#733\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/453fd917b137a16f3cf514017e262c7e53527e5f\"\u003e\u003ccode\u003e453fd91\u003c/code\u003e\u003c/a\u003e feat: Support for object-fit \u003ccode\u003efill\u003c/code\u003e and \u003ccode\u003escale-down\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/732\"\u003e#732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/c8dd6f5cc16085df1fdcf5711562439f3e26d0de\"\u003e\u003ccode\u003ec8dd6f5\u003c/code\u003e\u003c/a\u003e chore: Add more tests (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/c1087d63970e9798450bb974f35f1af526ce294d\"\u003e\u003ccode\u003ec1087d6\u003c/code\u003e\u003c/a\u003e chore: Update benchmark code (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/730\"\u003e#730\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/satori/commit/4e761c6b9fdf2959cf2a0292c9d1235154f070b6\"\u003e\u003ccode\u003e4e761c6\u003c/code\u003e\u003c/a\u003e feat: 10% perf improvements in the core lib (\u003ca href=\"https://redirect.github.com/vercel/satori/issues/729\"\u003e#729\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/satori/compare/0.19.1...0.26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `serve-handler` from 6.1.6 to 6.1.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/serve-handler/releases\"\u003eserve-handler's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.1.7\u003c/h2\u003e\n\u003ch3\u003ePatches\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix: update minimatch to 3.1.5 to resolve security vulnerabilities: \u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/228\"\u003e#228\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/ParakhJaggi\"\u003e\u003ccode\u003e@​ParakhJaggi\u003c/code\u003e\u003c/a\u003e  for helping!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/5158ae776863f0d597187e11260d963e7a78c6a0\"\u003e\u003ccode\u003e5158ae7\u003c/code\u003e\u003c/a\u003e 6.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/754d1dcb5bb6dbd164667368be5e1b1278f1da60\"\u003e\u003ccode\u003e754d1dc\u003c/code\u003e\u003c/a\u003e fix: update minimatch to 3.1.5 to resolve security vulnerabilities (\u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/228\"\u003e#228\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/8b357fad752db5e9439e92513286970f68ed953e\"\u003e\u003ccode\u003e8b357fa\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;chore(deps): upgrade minimatch to v10.2.4 (\u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/226\"\u003e#226\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/serve-handler/commit/8df54ef09a5497641403cd4a888525a4831f4208\"\u003e\u003ccode\u003e8df54ef\u003c/code\u003e\u003c/a\u003e chore(deps): upgrade minimatch to v10.2.4 (\u003ca href=\"https://redirect.github.com/vercel/serve-handler/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vercel/serve-handler/compare/6.1.6...6.1.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shiki` from 1.26.2 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shikijs/shiki/releases\"\u003eshiki's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003etwoslash\u003c/strong\u003e: Forward \u003ccode\u003etsModule\u003c/code\u003e to \u003ccode\u003ecreateTwoslasher\u003c/code\u003e  -  by \u003ca href=\"https://github.com/arthurfiorette\"\u003e\u003ccode\u003e@​arthurfiorette\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1271\"\u003eshikijs/shiki#1271\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/be89afcf\"\u003e\u003c!-- raw HTML omitted --\u003e(be89a)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v4.0.2...v4.1.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.0.2\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport ANSI language with multiple themes  -  by \u003ca href=\"https://github.com/dan-lee\"\u003e\u003ccode\u003e@​dan-lee\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1259\"\u003eshikijs/shiki#1259\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/2a232309\"\u003e\u003c!-- raw HTML omitted --\u003e(2a232)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v4.0.1...v4.0.2\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.0.1\u003c/h2\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTry fix dts bundle, thanks \u003ca href=\"https://github.com/sxzz\"\u003e\u003ccode\u003e@​sxzz\u003c/code\u003e\u003c/a\u003e  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/1f26cb1c\"\u003e\u003c!-- raw HTML omitted --\u003e(1f26c)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v4.0.0...v4.0.1\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch3\u003e   🚨 Breaking Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDrop Node v18 support, remove deprecated APIs  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1249\"\u003eshikijs/shiki#1249\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/cdca9945\"\u003e\u003c!-- raw HTML omitted --\u003e(cdca9)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eA leaner \u003ccode\u003e@shikijs/primitive\u003c/code\u003e package  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1251\"\u003eshikijs/shiki#1251\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/05a77f1b\"\u003e\u003c!-- raw HTML omitted --\u003e(05a77)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNew \u003ccode\u003e@shikijs/markdown-exit\u003c/code\u003e package  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/d1257c25\"\u003e\u003c!-- raw HTML omitted --\u003e(d1257)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v3.23.0...v4.0.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003ev3.23.0\u003c/h2\u003e\n\u003ch3\u003e   🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate grammar and themes  -  by \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/9b4cacac\"\u003e\u003c!-- raw HTML omitted --\u003e(9b4ca)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd stdin support and list commands  -  by \u003ca href=\"https://github.com/Divyapahuja31\"\u003e\u003ccode\u003e@​Divyapahuja31\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eDIVYA PAHUJA\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1241\"\u003eshikijs/shiki#1241\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/213f19bf\"\u003e\u003c!-- raw HTML omitted --\u003e(213f1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003etransformers\u003c/strong\u003e:\n\u003cul\u003e\n\u003cli\u003eAdd 'leading' position to transformerRenderWhitespace  -  by \u003ca href=\"https://github.com/Divyapahuja31\"\u003e\u003ccode\u003e@​Divyapahuja31\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eDIVYA PAHUJA\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1236\"\u003eshikijs/shiki#1236\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/49cbb761\"\u003e\u003c!-- raw HTML omitted --\u003e(49cbb)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for [!code info] notation  -  by \u003ca href=\"https://github.com/Divyapahuja31\"\u003e\u003ccode\u003e@​Divyapahuja31\u003c/code\u003e\u003c/a\u003e and \u003cstrong\u003eDIVYA PAHUJA\u003c/strong\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1237\"\u003eshikijs/shiki#1237\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/cd2a6d94\"\u003e\u003c!-- raw HTML omitted --\u003e(cd2a6)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e   🐞 Bug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003edeclare\u003c/code\u003e modifier to top level declarations in \u003ccode\u003e.d.ts\u003c/code\u003e  -  by \u003ca href=\"https://github.com/KazariEX\"\u003e\u003ccode\u003e@​KazariEX\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1242\"\u003eshikijs/shiki#1242\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/142d55c3\"\u003e\u003c!-- raw HTML omitted --\u003e(142d5)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecli\u003c/strong\u003e: Normalize language/extension casing for CLI inputs  -  by \u003ca href=\"https://github.com/Nandann018-ux\"\u003e\u003ccode\u003e@​Nandann018-ux\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/antfu\"\u003e\u003ccode\u003e@​antfu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/shikijs/shiki/issues/1245\"\u003eshikijs/shiki#1245\u003c/a\u003e \u003ca href=\"https://github.com/shikijs/shiki/commit/4bea1a54\"\u003e\u003c!-- raw HTML omitted --\u003e(4bea1)\u003c!-- raw HTML omitted --\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch5\u003e    \u003ca href=\"https://github.com/shikijs/shiki/compare/v3.22.0...v3.23.0\"\u003eView changes on GitHub\u003c/a\u003e\u003c/h5\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/c809af96f1907877c5cebfeee98ac5d55193140b\"\u003e\u003ccode\u003ec809af9\u003c/code\u003e\u003c/a\u003e chore: release v4.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/95371cb1b3c00ced5b437a11f603939002f9ecae\"\u003e\u003ccode\u003e95371cb\u003c/code\u003e\u003c/a\u003e chore: lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/7a1007dd5befe51a0c58925ac6de102691f5a0e4\"\u003e\u003ccode\u003e7a1007d\u003c/code\u003e\u003c/a\u003e chore: release v4.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/ef42a1614b155e091382b7b0faaae6c842ca5282\"\u003e\u003ccode\u003eef42a16\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/2a23230989ff3cc81359538ea5e063a7a80af178\"\u003e\u003ccode\u003e2a23230\u003c/code\u003e\u003c/a\u003e fix: support ANSI language with multiple themes (\u003ca href=\"https://github.com/shikijs/shiki/tree/HEAD/packages/shiki/issues/1259\"\u003e#1259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/69bec642a6f3a794398b308ff123f5d6e38f4617\"\u003e\u003ccode\u003e69bec64\u003c/code\u003e\u003c/a\u003e chore: release v4.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/2060ca89463e14e6f42af9b1a6950337f67bd690\"\u003e\u003ccode\u003e2060ca8\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/32f35b52fa8062185b5693931be0d389ad7853d1\"\u003e\u003ccode\u003e32f35b5\u003c/code\u003e\u003c/a\u003e chore: release v4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/720f6d862a1e28954cfaeab8c3de8b7ed0290fa0\"\u003e\u003ccode\u003e720f6d8\u003c/code\u003e\u003c/a\u003e test: restructure tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shikijs/shiki/commit/05a77f1b9f7080fe248552994953f6aff7ea2309\"\u003e\u003ccode\u003e05a77f1\u003c/code\u003e\u003c/a\u003e feat: a leaner \u003ccode\u003e@shikijs/primitive\u003c/code\u003e package (\u003ca href=\"https://github.com/shikijs/shiki/tree/HEAD/packages/shiki/issues/1251\"\u003e#1251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/shikijs/shiki/commits/v4.1.0/packages/shiki\"...\n\n_Description has been truncated_","html_url":"https://github.com/anesharchvictor/bible-study-wiki/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/anesharchvictor%2Fbible-study-wiki/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"3.0.4","new_version":"3.1.5","update_type":"minor","path":null,"pr_created_at":"2026-05-30T23:09:35.000Z","version_change":"3.0.4 → 3.1.5","issue":{"uuid":"4555965398","node_id":"PR_kwDOSeHXdM7hA-40","number":5,"state":"open","title":"Bump the npm_and_yarn group across 4 directories with 14 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T23:09:35.000Z","updated_at":"2026-05-30T23:10:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":14,"packages":[{"name":"axios","old_version":"0.18.1","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"lodash","old_version":"4.17.4","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"lodash","old_version":"4.17.23","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"semver","old_version":"7.0.0","new_version":"7.5.2","repository_url":"https://github.com/npm/node-semver"},{"name":"minimist","old_version":"1.2.5","new_version":"1.2.6","repository_url":"https://github.com/minimistjs/minimist"},{"name":"shelljs","old_version":"0.8.4","new_version":"0.8.5","repository_url":"https://github.com/shelljs/shelljs"},{"name":"minimatch","old_version":"3.0.4","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 7 updates in the /newIDE/app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.18.1` | `1.16.1` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.4` | `4.18.1` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |\n| [semver](https://github.com/npm/node-semver) | `7.0.0` | `7.5.2` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.6` |\n| [shelljs](https://github.com/shelljs/shelljs) | `0.8.4` | `0.8.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\nBumps the npm_and_yarn group with 8 updates in the /newIDE/electron-app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |\n| [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` |\n| [shelljs](https://github.com/shelljs/shelljs) | `0.8.4` | `0.8.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.5` | `0.2.7` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [tar](https://github.com/isaacs/node-tar) | `6.2.1` | `7.5.15` |\n| [electron](https://github.com/electron/electron) | `32.3.3` | `42.3.0` |\n\nBumps the npm_and_yarn group with 5 updates in the /newIDE/electron-app/app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.19.2` | `0.32.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [electron](https://github.com/electron/electron) | `31.3.1` | `42.3.0` |\n\nBumps the npm_and_yarn group with 8 updates in the /newIDE/web-app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.19.2` | `0.32.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.20` | `4.18.1` |\n| [semver](https://github.com/npm/node-semver) | `6.3.0` | `6.3.1` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.6` |\n| [shelljs](https://github.com/shelljs/shelljs) | `0.8.4` | `0.8.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [async](https://github.com/caolan/async) | `2.6.1` | `2.6.4` |\n| [gh-pages](https://github.com/tschaub/gh-pages) | `4.0.0` | `5.0.0` |\n\n\nUpdates `axios` from 0.18.1 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v0.18.1...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.4 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.4...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.23 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.4...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `semver` from 7.0.0 to 7.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/npm/node-semver/releases\"\u003esemver's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.5.1...v7.5.2\"\u003e7.5.2\u003c/a\u003e (2023-06-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/58c791f40ba8cf4be35a5ca6644353ecd6249edc\"\u003e\u003ccode\u003e58c791f\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/566\"\u003e#566\u003c/a\u003e diff when detecting major change from prerelease (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/566\"\u003e#566\u003c/a\u003e) (\u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/5c8efbcb3c6c125af10746d054faff13e8c33fbd\"\u003e\u003ccode\u003e5c8efbc\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/565\"\u003e#565\u003c/a\u003e preserve build in raw after inc (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/565\"\u003e#565\u003c/a\u003e) (\u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441\"\u003e\u003ccode\u003e717534e\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/564\"\u003e#564\u003c/a\u003e better handling of whitespace (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/564\"\u003e#564\u003c/a\u003e) (\u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.5.0...v7.5.1\"\u003e7.5.1\u003c/a\u003e (2023-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/d30d25a5c1fb963c3cc9178cb1769fe45e4a3cab\"\u003e\u003ccode\u003ed30d25a\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/559\"\u003e#559\u003c/a\u003e show type on invalid semver error (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/559\"\u003e#559\u003c/a\u003e) (\u003ca href=\"https://github.com/tjenkinson\"\u003e\u003ccode\u003e@​tjenkinson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.4.0...v7.5.0\"\u003e7.5.0\u003c/a\u003e (2023-04-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/503a4e52fe2b1c6ed1400d33149f7733c8361eed\"\u003e\u003ccode\u003e503a4e5\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/548\"\u003e#548\u003c/a\u003e allow identifierBase to be false (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/548\"\u003e#548\u003c/a\u003e) (\u003ca href=\"https://github.com/lsvalina\"\u003e\u003ccode\u003e@​lsvalina\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/e219bb454036a0c23e34407591f921c8edb688e7\"\u003e\u003ccode\u003ee219bb4\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/552\"\u003e#552\u003c/a\u003e throw on bad version with correct error message (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/552\"\u003e#552\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/fc2f3df0b5d25253b3580607e111a9a280d888ca\"\u003e\u003ccode\u003efc2f3df\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/546\"\u003e#546\u003c/a\u003e incorrect results from diff sometimes with prerelease versions (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/546\"\u003e#546\u003c/a\u003e) (\u003ca href=\"https://github.com/tjenkinson\"\u003e\u003ccode\u003e@​tjenkinson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/27817677794f592b592bf6181a80a4824ff762b2\"\u003e\u003ccode\u003e2781767\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/547\"\u003e#547\u003c/a\u003e avoid re-instantiating SemVer during diff compare (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/547\"\u003e#547\u003c/a\u003e) (\u003ca href=\"https://github.com/macno\"\u003e\u003ccode\u003e@​macno\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.3.8...v7.4.0\"\u003e7.4.0\u003c/a\u003e (2023-04-10)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/113f51312a1a6b6aa50d4f9486b4fde21782c1f5\"\u003e\u003ccode\u003e113f513\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/532\"\u003e#532\u003c/a\u003e identifierBase parameter for .inc (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/532\"\u003e#532\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/b-bly\"\u003e\u003ccode\u003e@​b-bly\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/48d8f8fa63bf6e35db70ff840b6da1a51596a5a8\"\u003e\u003ccode\u003e48d8f8f\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/530\"\u003e#530\u003c/a\u003e export new RELEASE_TYPES constant (\u003ca href=\"https://github.com/hcharley\"\u003e\u003ccode\u003e@​hcharley\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/940723d22bca824993627c45ac30dd3d2854b8cd\"\u003e\u003ccode\u003e940723d\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/538\"\u003e#538\u003c/a\u003e intersects with v0.0.0 and v0.0.0-0 (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/538\"\u003e#538\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/aa516b50b32f5a144017d8fc1b9efe0540963c91\"\u003e\u003ccode\u003eaa516b5\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/535\"\u003e#535\u003c/a\u003e faster parse options (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/535\"\u003e#535\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/61e6ea1e9b7af01baf19ab0c0a63c8e3ebfac97c\"\u003e\u003ccode\u003e61e6ea1\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/536\"\u003e#536\u003c/a\u003e faster cache key factory for range (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/536\"\u003e#536\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/f8b8b619e71746a47852a9d301f3087ab311444f\"\u003e\u003ccode\u003ef8b8b61\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/541\"\u003e#541\u003c/a\u003e optimistic parse (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/541\"\u003e#541\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/796cbe29b06d102e1b16f3ed78eaba210ece951e\"\u003e\u003ccode\u003e796cbe2\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/533\"\u003e#533\u003c/a\u003e semver.diff prerelease to release recognition (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/533\"\u003e#533\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/dominique-blockchain\"\u003e\u003ccode\u003e@​dominique-blockchain\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/3f222b144033525ca9f8a2ce5bc6e02f0401881f\"\u003e\u003ccode\u003e3f222b1\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/537\"\u003e#537\u003c/a\u003e reuse comparators on subset (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/537\"\u003e#537\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/f66cc45c6e82eebb4b5b51af73e7b8dcaeda7e21\"\u003e\u003ccode\u003ef66cc45\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/539\"\u003e#539\u003c/a\u003e faster diff (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/539\"\u003e#539\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/c5d29df6f75741fea27fffe3b88c9c3b28e3ca73\"\u003e\u003ccode\u003ec5d29df\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/530\"\u003e#530\u003c/a\u003e Add \u0026quot;Constants\u0026quot; section to README (\u003ca href=\"https://github.com/hcharley\"\u003e\u003ccode\u003e@​hcharley\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/npm/node-semver/blob/main/CHANGELOG.md\"\u003esemver's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.5.1...v7.5.2\"\u003e7.5.2\u003c/a\u003e (2023-06-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/58c791f40ba8cf4be35a5ca6644353ecd6249edc\"\u003e\u003ccode\u003e58c791f\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/566\"\u003e#566\u003c/a\u003e diff when detecting major change from prerelease (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/566\"\u003e#566\u003c/a\u003e) (\u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/5c8efbcb3c6c125af10746d054faff13e8c33fbd\"\u003e\u003ccode\u003e5c8efbc\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/565\"\u003e#565\u003c/a\u003e preserve build in raw after inc (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/565\"\u003e#565\u003c/a\u003e) (\u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441\"\u003e\u003ccode\u003e717534e\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/564\"\u003e#564\u003c/a\u003e better handling of whitespace (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/564\"\u003e#564\u003c/a\u003e) (\u003ca href=\"https://github.com/lukekarrys\"\u003e\u003ccode\u003e@​lukekarrys\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.5.0...v7.5.1\"\u003e7.5.1\u003c/a\u003e (2023-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/d30d25a5c1fb963c3cc9178cb1769fe45e4a3cab\"\u003e\u003ccode\u003ed30d25a\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/559\"\u003e#559\u003c/a\u003e show type on invalid semver error (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/559\"\u003e#559\u003c/a\u003e) (\u003ca href=\"https://github.com/tjenkinson\"\u003e\u003ccode\u003e@​tjenkinson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.4.0...v7.5.0\"\u003e7.5.0\u003c/a\u003e (2023-04-17)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/503a4e52fe2b1c6ed1400d33149f7733c8361eed\"\u003e\u003ccode\u003e503a4e5\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/548\"\u003e#548\u003c/a\u003e allow identifierBase to be false (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/548\"\u003e#548\u003c/a\u003e) (\u003ca href=\"https://github.com/lsvalina\"\u003e\u003ccode\u003e@​lsvalina\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/e219bb454036a0c23e34407591f921c8edb688e7\"\u003e\u003ccode\u003ee219bb4\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/552\"\u003e#552\u003c/a\u003e throw on bad version with correct error message (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/552\"\u003e#552\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/fc2f3df0b5d25253b3580607e111a9a280d888ca\"\u003e\u003ccode\u003efc2f3df\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/546\"\u003e#546\u003c/a\u003e incorrect results from diff sometimes with prerelease versions (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/546\"\u003e#546\u003c/a\u003e) (\u003ca href=\"https://github.com/tjenkinson\"\u003e\u003ccode\u003e@​tjenkinson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/27817677794f592b592bf6181a80a4824ff762b2\"\u003e\u003ccode\u003e2781767\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/547\"\u003e#547\u003c/a\u003e avoid re-instantiating SemVer during diff compare (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/547\"\u003e#547\u003c/a\u003e) (\u003ca href=\"https://github.com/macno\"\u003e\u003ccode\u003e@​macno\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.3.8...v7.4.0\"\u003e7.4.0\u003c/a\u003e (2023-04-10)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/113f51312a1a6b6aa50d4f9486b4fde21782c1f5\"\u003e\u003ccode\u003e113f513\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/532\"\u003e#532\u003c/a\u003e identifierBase parameter for .inc (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/532\"\u003e#532\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/b-bly\"\u003e\u003ccode\u003e@​b-bly\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/48d8f8fa63bf6e35db70ff840b6da1a51596a5a8\"\u003e\u003ccode\u003e48d8f8f\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/530\"\u003e#530\u003c/a\u003e export new RELEASE_TYPES constant (\u003ca href=\"https://github.com/hcharley\"\u003e\u003ccode\u003e@​hcharley\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/940723d22bca824993627c45ac30dd3d2854b8cd\"\u003e\u003ccode\u003e940723d\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/538\"\u003e#538\u003c/a\u003e intersects with v0.0.0 and v0.0.0-0 (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/538\"\u003e#538\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/aa516b50b32f5a144017d8fc1b9efe0540963c91\"\u003e\u003ccode\u003eaa516b5\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/535\"\u003e#535\u003c/a\u003e faster parse options (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/535\"\u003e#535\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/61e6ea1e9b7af01baf19ab0c0a63c8e3ebfac97c\"\u003e\u003ccode\u003e61e6ea1\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/536\"\u003e#536\u003c/a\u003e faster cache key factory for range (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/536\"\u003e#536\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/f8b8b619e71746a47852a9d301f3087ab311444f\"\u003e\u003ccode\u003ef8b8b61\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/541\"\u003e#541\u003c/a\u003e optimistic parse (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/541\"\u003e#541\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/796cbe29b06d102e1b16f3ed78eaba210ece951e\"\u003e\u003ccode\u003e796cbe2\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/533\"\u003e#533\u003c/a\u003e semver.diff prerelease to release recognition (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/533\"\u003e#533\u003c/a\u003e) (\u003ca href=\"https://github.com/wraithgar\"\u003e\u003ccode\u003e@​wraithgar\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/dominique-blockchain\"\u003e\u003ccode\u003e@​dominique-blockchain\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/3f222b144033525ca9f8a2ce5bc6e02f0401881f\"\u003e\u003ccode\u003e3f222b1\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/537\"\u003e#537\u003c/a\u003e reuse comparators on subset (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/537\"\u003e#537\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/f66cc45c6e82eebb4b5b51af73e7b8dcaeda7e21\"\u003e\u003ccode\u003ef66cc45\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/539\"\u003e#539\u003c/a\u003e faster diff (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/539\"\u003e#539\u003c/a\u003e) (\u003ca href=\"https://github.com/H4ad\"\u003e\u003ccode\u003e@​H4ad\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/c5d29df6f75741fea27fffe3b88c9c3b28e3ca73\"\u003e\u003ccode\u003ec5d29df\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://redirect.github.com/npm/node-semver/pull/530\"\u003e#530\u003c/a\u003e Add \u0026quot;Constants\u0026quot; section to README (\u003ca href=\"https://github.com/hcharley\"\u003e\u003ccode\u003e@​hcharley\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/npm/node-semver/compare/v7.3.7...v7.3.8\"\u003e7.3.8\u003c/a\u003e (2022-10-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/e7b78de06eb14a7fa2075cedf9f167040d8d31af\"\u003e\u003ccode\u003ee7b78de\u003c/code\u003e\u003c/a\u003e chore: release 7.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/58c791f40ba8cf4be35a5ca6644353ecd6249edc\"\u003e\u003ccode\u003e58c791f\u003c/code\u003e\u003c/a\u003e fix: diff when detecting major change from prerelease (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/566\"\u003e#566\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/5c8efbcb3c6c125af10746d054faff13e8c33fbd\"\u003e\u003ccode\u003e5c8efbc\u003c/code\u003e\u003c/a\u003e fix: preserve build in raw after inc (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/565\"\u003e#565\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441\"\u003e\u003ccode\u003e717534e\u003c/code\u003e\u003c/a\u003e fix: better handling of whitespace (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/2f738e9a70d9b9468b7b69e9ed3e12418725c650\"\u003e\u003ccode\u003e2f738e9\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003e@​npmcli/template-oss\u003c/code\u003e from 4.14.1 to 4.15.1 (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/aa016a67162c195938f7873ea29a73dac47ff9ba\"\u003e\u003ccode\u003eaa016a6\u003c/code\u003e\u003c/a\u003e chore: release 7.5.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/d30d25a5c1fb963c3cc9178cb1769fe45e4a3cab\"\u003e\u003ccode\u003ed30d25a\u003c/code\u003e\u003c/a\u003e fix: show type on invalid semver error (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/559\"\u003e#559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/09c69e23cdf6c69c51f83635482fff89ab2574e3\"\u003e\u003ccode\u003e09c69e2\u003c/code\u003e\u003c/a\u003e chore: bump \u003ccode\u003e@​npmcli/template-oss\u003c/code\u003e from 4.13.0 to 4.14.1 (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/5b02ad7163a3ddcbcadf499e4f6195d6f2226dce\"\u003e\u003ccode\u003e5b02ad7\u003c/code\u003e\u003c/a\u003e chore: release 7.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/npm/node-semver/commit/e219bb454036a0c23e34407591f921c8edb688e7\"\u003e\u003ccode\u003ee219bb4\u003c/code\u003e\u003c/a\u003e fix: throw on bad version with correct error message (\u003ca href=\"https://redirect.github.com/npm/node-semver/issues/552\"\u003e#552\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/npm/node-semver/compare/v7.0.0...v7.5.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~npm-cli-ops\"\u003enpm-cli-ops\u003c/a\u003e, a new releaser for semver since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimist` from 1.2.5 to 1.2.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md\"\u003eminimist's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.5...v1.2.6\"\u003ev1.2.6\u003c/a\u003e - 2022-03-21\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003etest from prototype pollution PR \u003ca href=\"https://github.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb\"\u003e\u003ccode\u003ebc8ecee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eisConstructorOrProto adapted from PR \u003ca href=\"https://github.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d\"\u003e\u003ccode\u003ec2b9819\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esecurity notice for additional prototype pollution issue \u003ca href=\"https://github.com/minimistjs/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2\"\u003e\u003ccode\u003eef88b93\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/7efb22a518b53b06f5b02a1038a88bd6290c2846\"\u003e\u003ccode\u003e7efb22a\u003c/code\u003e\u003c/a\u003e 1.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2\"\u003e\u003ccode\u003eef88b93\u003c/code\u003e\u003c/a\u003e security notice for additional prototype pollution issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d\"\u003e\u003ccode\u003ec2b9819\u003c/code\u003e\u003c/a\u003e isConstructorOrProto adapted from PR\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb\"\u003e\u003ccode\u003ebc8ecee\u003c/code\u003e\u003c/a\u003e test from prototype pollution PR\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.5...v1.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `shelljs` from 0.8.4 to 0.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shelljs/shelljs/releases\"\u003eshelljs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.5\u003c/h2\u003e\n\u003cp\u003eThis was a small security fix for \u003ca href=\"https://redirect.github.com/shelljs/shelljs/issues/1058\"\u003e#1058\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/shelljs/shelljs/blob/main/CHANGELOG.md\"\u003eshelljs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/shelljs/shelljs/tree/v0.8.5\"\u003ev0.8.5\u003c/a\u003e (2022-01-13)\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/shelljs/shelljs/compare/v0.8.4...v0.8.5\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThis was a small security fix for \u003ca href=\"https://redirect.github.com/shelljs/shelljs/issues/1058\"\u003e#1058\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shelljs/shelljs/commit/70668a4555c7d49c4f67d53ea063b899be4d6d40\"\u003e\u003ccode\u003e70668a4\u003c/code\u003e\u003c/a\u003e 0.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c\"\u003e\u003ccode\u003ed919d22\u003c/code\u003e\u003c/a\u003e fix(exec): lockdown file permissions (\u003ca href=\"https://redirect.github.com/shelljs/shelljs/issues/1060\"\u003e#1060\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/shelljs/shelljs/compare/v0.8.4...v0.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.0.4 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.5.10 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.5.10...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81c...\n\n_Description has been truncated_","html_url":"https://github.com/Heretek-AI/GDevelop/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Heretek-AI%2FGDevelop/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"9.0.5","new_version":"9.0.9","update_type":"patch","path":null,"pr_created_at":"2026-05-30T19:50:39.000Z","version_change":"9.0.5 → 9.0.9","issue":{"uuid":"4555502935","node_id":"PR_kwDOPi0zm87g_mr7","number":3,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 12 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T19:50:39.000Z","updated_at":"2026-05-30T19:51:11.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":12,"packages":[{"name":"drizzle-orm","old_version":"0.39.1","new_version":"0.45.2","repository_url":"https://github.com/drizzle-team/drizzle-orm"},{"name":"ws","old_version":"8.18.0","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"vite","old_version":"7.1.12","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"brace-expansion","old_version":"2.0.2","new_version":"2.1.1","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.52.5","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"},{"name":"yaml","old_version":"2.6.0","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `0.39.1` | `0.45.2` |\n| [ws](https://github.com/websockets/ws) | `8.18.0` | `8.21.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.12` | `7.3.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.1` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.52.5` | `4.60.4` |\n| [yaml](https://github.com/eemeli/yaml) | `2.6.0` | `2.9.0` |\n\n\nUpdates `drizzle-orm` from 0.39.1 to 0.45.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/drizzle-team/drizzle-orm/releases\"\u003edrizzle-orm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.45.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003esql.identifier()\u003c/code\u003e, \u003ccode\u003esql.as()\u003c/code\u003e escaping issues. Previously all the values passed to this functions were not properly escaped\ncausing a possible SQL Injection (CWE-89) vulnerability\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/EthanKim88\"\u003e\u003ccode\u003e@​EthanKim88\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/0x90sh\"\u003e\u003ccode\u003e@​0x90sh\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/wgoodall01\"\u003e\u003ccode\u003e@​wgoodall01\u003c/code\u003e\u003c/a\u003e for reaching out to us with a reproduction and suggested fix\u003c/p\u003e\n\u003ch2\u003e0.45.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden \u003ccode\u003erequire()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5107\"\u003e#5107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pg-native Pool detection in node-postgres transactions\u003c/li\u003e\n\u003cli\u003eAllowed subqueries in select fields\u003c/li\u003e\n\u003cli\u003eUpdated typo algorythm =\u0026gt; algorithm\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003e$onUpdate\u003c/code\u003e not handling \u003ccode\u003eSQL\u003c/code\u003e values (fixes \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/2388\"\u003e#2388\u003c/a\u003e, tests implemented by \u003ca href=\"https://github.com/L-Mario564\"\u003eL-Mario564\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/pull/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003epg\u003c/code\u003e mappers not handling \u003ccode\u003eDate\u003c/code\u003e instances in \u003ccode\u003ebun-sql:postgresql\u003c/code\u003e driver responses for \u003ccode\u003edate\u003c/code\u003e, \u003ccode\u003etimestamp\u003c/code\u003e types (fixes \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/4493\"\u003e#4493\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix durable sqlite transaction return value \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/3746\"\u003e#3746\u003c/a\u003e - thanks \u003ca href=\"https://github.com/joaocstro\"\u003e\u003ccode\u003e@​joaocstro\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: add $replicas reference \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/4874\"\u003e#4874\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed invalid usage of \u003ccode\u003e.one()\u003c/code\u003e in \u003ccode\u003edurable-sqlite\u003c/code\u003e session\u003c/li\u003e\n\u003cli\u003eFixed spread operator related crash in sqlite \u003ccode\u003eblob\u003c/code\u003e columns\u003c/li\u003e\n\u003cli\u003eBetter browser support for sqlite \u003ccode\u003eblob\u003c/code\u003e columns\u003c/li\u003e\n\u003cli\u003eImproved sqlite \u003ccode\u003eblob\u003c/code\u003e mapping\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix wrong DrizzleQueryError export. thanks \u003ca href=\"https://github.com/nathankleyn\"\u003e\u003ccode\u003e@​nathankleyn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed types of \u003ccode\u003e$client\u003c/code\u003e for clients created by drizzle function\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eawait db.$client.[...]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003eupdated_at\u003c/code\u003e column to the \u003ccode\u003eneon_auth.users_sync\u003c/code\u003e table definition.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUG]: Fixed type issues with joins with certain variations of \u003ccode\u003etsconfig\u003c/code\u003e: \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/4535\"\u003e#4535\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/4457\"\u003e#4457\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/4586\"\u003e[BUG]: Drizzle can no longer run on Durable Objects\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.44.0\u003c/h2\u003e\n\u003ch2\u003eError handling\u003c/h2\u003e\n\u003cp\u003eStarting from this version, we’ve introduced a new \u003ccode\u003eDrizzleQueryError\u003c/code\u003e that wraps all errors from database drivers and provides a set of useful information:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/273c78071d4841b497f5144734b38294df7ec64b\"\u003e\u003ccode\u003e273c780\u003c/code\u003e\u003c/a\u003e + 0.45.2 (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5534\"\u003e#5534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/4aa6ecfee4b4728dadf6f77f071a149878a3c6c0\"\u003e\u003ccode\u003e4aa6ecf\u003c/code\u003e\u003c/a\u003e Kit updates (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5490\"\u003e#5490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/e8e6edfef5ca69c6188d320388ad440265911057\"\u003e\u003ccode\u003ee8e6edf\u003c/code\u003e\u003c/a\u003e feat(drizzle-kit): support d1 via binding (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5302\"\u003e#5302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/a086f59fba7f46f3a077893ba912c99e91eaa760\"\u003e\u003ccode\u003ea086f59\u003c/code\u003e\u003c/a\u003e Fixed pg-native Pool detection in node-postgres transactions breaking in envi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/c445637df39366bcf47b12601896ce851771c1c2\"\u003e\u003ccode\u003ec445637\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5095\"\u003e#5095\u003c/a\u003e from drizzle-team/main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/e7b3aaa26456b88cd23a7843ebc95b3bddde1ba4\"\u003e\u003ccode\u003ee7b3aaa\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/0d885a54ddafd8717f8610cf3d2899f3eef61e65\"\u003e\u003ccode\u003e0d885a5\u003c/code\u003e\u003c/a\u003e refactor: Update condition for run-feature job to improve clarity and functio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/45a1ffbcbfdd96772d0aba7d9e43744db2dce471\"\u003e\u003ccode\u003e45a1ffb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5087\"\u003e#5087\u003c/a\u003e from drizzle-team/main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/6357645bd33b1f444e1d081769dd4b71c3de31f8\"\u003e\u003ccode\u003e6357645\u003c/code\u003e\u003c/a\u003e chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/53dec98a936f549d0cc2e668f19db3a2df842f51\"\u003e\u003ccode\u003e53dec98\u003c/code\u003e\u003c/a\u003e refactor: Simplify release router workflow by removing unnecessary switch job...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/drizzle-team/drizzle-orm/compare/0.39.1...0.45.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for drizzle-orm since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.18.0 to 8.21.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.21.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eIntroduced the \u003ccode\u003emaxBufferedChunks\u003c/code\u003e and \u003ccode\u003emaxFragments\u003c/code\u003e options (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a remote memory exhaustion DoS vulnerability (2b2abd45).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eA high volume of tiny fragments and data chunks could be sent by a peer, using\nmodest network traffic, to crash a \u003ccode\u003ews\u003c/code\u003e server or client due to OOM.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer({ port: 0 }, function () {\nconst data = Buffer.alloc(1);\nconst options = { fin: false };\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e);\u003c/p\u003e\n\u003cp\u003ews.on('open', function () {\n(function send() {\nws.send(data, options, function (err) {\nif (err) return;\nsend();\n});\n})();\n});\u003c/p\u003e\n\u003cp\u003ews.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eclient close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.on('error', console.error);\nws.on('close', function (code, reason) {\nconsole.log(\u003ccode\u003eserver close - code: ${code} reason: ${reason.toString()}\u003c/code\u003e);\n});\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe vulnerability was responsibly disclosed and fixed by \u003ca href=\"https://github.com/Nadav0077\"\u003eNadav Magier\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eIn vulnerable versions, the issue can be mitigated by lowering the value of the\n\u003ccode\u003emaxPayload\u003c/code\u003e option if possible.\u003c/p\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94\"\u003e\u003ccode\u003ebca91ad\u003c/code\u003e\u003c/a\u003e [dist] 8.21.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/2b2abd458a1b647d0b6033bd62a619c36189839a\"\u003e\u003ccode\u003e2b2abd4\u003c/code\u003e\u003c/a\u003e [security] Limit retained message parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/78eabe2a6677b231bf9c82601bde86ff91639490\"\u003e\u003ccode\u003e78eabe2\u003c/code\u003e\u003c/a\u003e [security] Add latest vulnerability to SECURITY.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.18.0...8.21.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.1.12 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.1/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.0/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erevert \u0026quot;perf(deps): replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21107\"\u003e#21107\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://github.com/vitejs/vite/commit/2d66b7b14aa6dfd62f3d6a59ee8382ed5ca6fd32\"\u003e2d66b7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.2...v7.2.3\"\u003e7.2.3\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/317b3b272f9ef6faa647a51ab3b0768fecc1071d\"\u003e\u003ccode\u003e317b3b2\u003c/code\u003e\u003c/a\u003e release: v7.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e\u003ccode\u003e721f163\u003c/code\u003e\u003c/a\u003e fix: plugin shortcut support (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21211\"\u003e#21211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.2 to 2.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/109\"\u003e#109\u003c/a\u003e)  c3a817c\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.1.0...v2.1.1\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v2.1.0...v2.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/64b71d31d7c43b956ce64fccc1dda5a3729be728\"\u003e\u003ccode\u003e64b71d3\u003c/code\u003e\u003c/a\u003e 2.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3a817c8e5421d19a37c9babcf3f216b6bf2e6b4\"\u003e\u003ccode\u003ec3a817c\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/109\"\u003e#109\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1ee4a9069c69a51bd502aab289c0c6629c8920ca\"\u003e\u003ccode\u003e1ee4a90\u003c/code\u003e\u003c/a\u003e 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b0302ac153ecfaad66752aac79bf30d2895db8f1\"\u003e\u003ccode\u003eb0302ac\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v2 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/73b5459d2ab973c984d01324769d306f66440c7e\"\u003e\u003ccode\u003e73b5459\u003c/code\u003e\u003c/a\u003e 2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5\"\u003e\u003ccode\u003e311ac0d\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.2...v2.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.5 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/8a10e473e2e0ff03c2d4de308f257093af2bce21\"\u003e\u003ccode\u003e8a10e47\u003c/code\u003e\u003c/a\u003e 9.0.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/c6f180636cebd4de2f9af7ef29ca4c9bf2eeef02\"\u003e\u003ccode\u003ec6f1806\u003c/code\u003e\u003c/a\u003e brace-expansion@2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/446cfa3e2aa3ef45bd4a27fa4418221e158489f6\"\u003e\u003ccode\u003e446cfa3\u003c/code\u003e\u003c/a\u003e 9.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/8fa151ab95fd4e2acd6e1a81f10d02dc7c1098d3\"\u003e\u003ccode\u003e8fa151a\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/71b78a2a4cad3a40af08a39c065e71bbf69ea7f7\"\u003e\u003ccode\u003e71b78a2\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2de496f6d9362dd92460f35ffa6ff8de2907244b\"\u003e\u003ccode\u003e2de496f\u003c/code\u003e\u003c/a\u003e 9.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0d4616de9193bf1d359271662e92657bb51b2f75\"\u003e\u003ccode\u003e0d4616d\u003c/code\u003e\u003c/a\u003e limit nested extglob recursion, flatten extglobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7117ef381e74deace1c62a74d2298c8fe61d10ca\"\u003e\u003ccode\u003e7117ef3\u003c/code\u003e\u003c/a\u003e 9.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2418458b7fe82e0a1fd1a1b6f618c41c90b9848a\"\u003e\u003ccode\u003e2418458\u003c/code\u003e\u003c/a\u003e update deps, do not checkin dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1d1f531009d5e4a86083de37e5ef3f301e073986\"\u003e\u003ccode\u003e1d1f531\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v9.0.5...v9.0.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.13.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.52.5 to 4.60.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.60.4\u003c/h2\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.2\u003c/h2\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6346\"\u003e#6346\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6347\"\u003e#6347\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6348\"\u003e#6348\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6349\"\u003e#6349\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6350\"\u003e#6350\u003c/a\u003e: fix: reset variable render names between outputs in the same generate (\u003ca href=\"https://github.com/barry3406\"\u003e\u003ccode\u003e@​barry3406\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6351\"\u003e#6351\u003c/a\u003e: chore(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6352\"\u003e#6352\u003c/a\u003e: chore(deps): update cross-platform-actions/action action to v1 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6353\"\u003e#6353\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6354\"\u003e#6354\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6355\"\u003e#6355\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6356\"\u003e#6356\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6358\"\u003e#6358\u003c/a\u003e: chore: remove cross-env from devDeps (\u003ca href=\"https://github.com/K-tecchan\"\u003e\u003ccode\u003e@​K-tecchan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.1\u003c/h2\u003e\n\u003ch2\u003e4.60.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/master/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.60.3\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-04\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure nested \u0026quot;exports\u0026quot; variables are not renamed (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6360\"\u003e#6360\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://red...\n\n_Description has been truncated_","html_url":"https://github.com/trademomentum-llc/ml-agent-foundry/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/trademomentum-llc%2Fml-agent-foundry/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"3.1.2","new_version":"3.1.5","update_type":"patch","path":null,"pr_created_at":"2026-05-30T09:48:40.000Z","version_change":"3.1.2 → 3.1.5","issue":{"uuid":"4554029869","node_id":"PR_kwDOP78JWM7g7O4V","number":1,"state":"open","title":"Build(deps): Bump the npm_and_yarn group across 1 directory with 27 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:48:40.000Z","updated_at":"2026-05-30T09:51:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Build(deps): Bump","group_name":"npm_and_yarn","update_count":27,"packages":[{"name":"axios","old_version":"1.7.2","new_version":"1.16.0","repository_url":"https://github.com/axios/axios"},{"name":"dompurify","old_version":"3.1.6","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"uuid","old_version":"9.0.1","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"storybook","old_version":"9.1.4","new_version":"9.1.20","repository_url":"https://github.com/storybookjs/storybook"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"0.1.7","new_version":"2.4.0","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"bn.js","old_version":"5.2.1","new_version":"5.2.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"bn.js","old_version":"4.12.0","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"svgo","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/svg/svgo"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"rollup","old_version":"3.29.4","new_version":"3.30.0","repository_url":"https://github.com/rollup/rollup"},{"name":"immutable","old_version":"4.3.6","new_version":"4.3.8","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"js-cookie","old_version":"2.2.1","new_version":"3.0.8","repository_url":"https://github.com/js-cookie/js-cookie"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"pbkdf2","old_version":"3.1.2","new_version":"3.1.6","repository_url":"https://github.com/browserify/pbkdf2"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"serialize-javascript","old_version":"6.0.2","new_version":"removed","repository_url":"https://github.com/yahoo/serialize-javascript"},{"name":"underscore","old_version":"1.13.6","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"webpack","old_version":"5.89.0","new_version":"5.107.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 25 updates in the /web directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.7.2` | `1.16.0` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.1.6` | `3.4.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `9.1.4` | `9.1.20` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `2.4.0` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [bn.js](https://github.com/indutny/bn.js) | `5.2.1` | `5.2.3` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.12.0` | `4.12.3` |\n| [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [rollup](https://github.com/rollup/rollup) | `3.29.4` | `3.30.0` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.3.6` | `4.3.8` |\n| [js-cookie](https://github.com/js-cookie/js-cookie) | `2.2.1` | `3.0.8` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.2` | `3.1.6` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `removed` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.6` | `1.13.8` |\n| [webpack](https://github.com/webpack/webpack) | `5.89.0` | `5.107.2` |\n\n\nUpdates `axios` from 1.7.2 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc\"\u003e\u003ccode\u003edf53d7d\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e\"\u003e\u003ccode\u003e9d92bcd\u003c/code\u003e\u003c/a\u003e fix: gadgets and smaller issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435\"\u003e\u003ccode\u003e5107ee6\u003c/code\u003e\u003c/a\u003e fix: prevent undefined error codes in settle (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8\"\u003e\u003ccode\u003ee573499\u003c/code\u003e\u003c/a\u003e fix(fetch): defer global access in fetch adapter (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3\"\u003e\u003ccode\u003ead68e1a\u003c/code\u003e\u003c/a\u003e fix(http): honor timeout during connect without redirects (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d\"\u003e\u003ccode\u003e2a51828\u003c/code\u003e\u003c/a\u003e fix(http): decode URL basic auth credentials (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1\"\u003e\u003ccode\u003e0e8b6bb\u003c/code\u003e\u003c/a\u003e fix(http): preserve user-supplied Host header when forwarding through a proxy...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b\"\u003e\u003ccode\u003e79f39e1\u003c/code\u003e\u003c/a\u003e docs: document paramsSerializer.encode for strict RFC 3986 query encoding (\u003ca href=\"https://redirect.github.com/axios/axios/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e\"\u003e\u003ccode\u003e0fe3a5f\u003c/code\u003e\u003c/a\u003e [Docs/Types] Update \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions for ES2023 and add ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d\"\u003e\u003ccode\u003ecd6737f\u003c/code\u003e\u003c/a\u003e chore: matches the sibling responseStream.on(aborted) handler and added tests...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.2...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.1.6 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution issue when working with custom elements, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a lenient config parsing in \u003ccode\u003e_isValidAttribute\u003c/code\u003e, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped and removed several dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the test suite after bumping dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003eADD_FORBID_CONTENTS\u003c/code\u003e setting to extend default list, thanks \u003ca href=\"https://github.com/MariusRumpf\"\u003e\u003ccode\u003e@​MariusRumpf\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated the ESM import syntax to be more correct, thanks \u003ca href=\"https://github.com/binhpv\"\u003e\u003ccode\u003e@​binhpv\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the SVG \u003ccode\u003emask-type\u003c/code\u003e attribute to default allow-list, thanks \u003ca href=\"https://github.com/prasadrajandran\"\u003e\u003ccode\u003e@​prasadrajandran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded support for \u003ccode\u003eADD_ATTR\u003c/code\u003e and \u003ccode\u003eADD_TAGS\u003c/code\u003e to accept functions, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with the \u003ccode\u003eslot\u003c/code\u003e element being in both SVG and HTML allow-list, thanks \u003ca href=\"https://github.com/Wim-Valgaeren\"\u003e\u003ccode\u003e@​Wim-Valgaeren\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.2.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded new attributes and elements to default allow-list, thanks \u003ca href=\"https://github.com/elrion018\"\u003e\u003ccode\u003e@​elrion018\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003etagName\u003c/code\u003e parameter to custom element \u003ccode\u003eattributeNameCheck\u003c/code\u003e, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded better check for animated \u003ccode\u003ehref\u003c/code\u003e attributes, thanks \u003ca href=\"https://github.com/llamakko\"\u003e\u003ccode\u003e@​llamakko\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated and improved the bundled types, thanks \u003ca href=\"https://github.com/ssi02014\"\u003e\u003ccode\u003e@​ssi02014\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated several tests to better align with new browser encoding behaviors\u003c/li\u003e\n\u003cli\u003eImproved the handling of potentially risky content inside CDATA elements, thanks \u003ca href=\"https://github.com/securityMB\"\u003e\u003ccode\u003e@​securityMB\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/terjanq\"\u003e\u003ccode\u003e@​terjanq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved the regular expression for raw-text elements to cover textareas, thanks \u003ca href=\"https://github.com/securityMB\"\u003e\u003ccode\u003e@​securityMB\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/terjanq\"\u003e\u003ccode\u003e@​terjanq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.2.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.1.6...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 9.0.1 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v9.0.1...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `storybook` from 9.1.4 to 9.1.20\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/releases\"\u003estorybook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.1.20\u003c/h2\u003e\n\u003ch2\u003e9.1.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd request validation\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev9.1.19\u003c/h2\u003e\n\u003ch2\u003e9.1.19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden websocket connection\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev9.1.18\u003c/h2\u003e\n\u003ch2\u003e9.1.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo-op release. No changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/blob/v9.1.20/CHANGELOG.md\"\u003estorybook's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.1.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd request validation\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden websocket connection\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo-op release. No changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.16\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Fix Nextjs project creation in empty directories - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32828\"\u003e#32828\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCore: Add \u003ccode\u003eexperimental_devServer\u003c/code\u003e preset - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32862\"\u003e#32862\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eTelemetry: Fix preview-first-load event - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32859\"\u003e#32859\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCore: Add \u003ccode\u003epreview-first-load\u003c/code\u003e telemetry - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32770\"\u003e#32770\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eDependencies: Update \u003ccode\u003evite-plugin-storybook-nextjs\u003c/code\u003e - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32821\"\u003e#32821\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNextJS: Add NextJS 16 support - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32791\"\u003e#32791\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Vitest: Support Vitest 4 - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32819\"\u003e#32819\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCSF: Fix \u003ccode\u003eplay-fn\u003c/code\u003e tag for methods - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32695\"\u003e#32695\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNextjs: Fix config access for Vite - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32759\"\u003e#32759\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMaintenance: Hotfix for missing nextjs dts files, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAutomigration: Improve the viewport/backgrounds automigration - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32619\"\u003e#32619\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eMocking: Fix \u003ccode\u003esb.mock\u003c/code\u003e usage in Storybook's deployed in subpaths - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32678\"\u003e#32678\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eNextJS-Vite: Automatically fix bad PostCSS configuration - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32691\"\u003e#32691\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eReact Native Web: Fix REACT_NATIVE_AND_RNW should detect vite builder - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32718\"\u003e#32718\u003c/a\u003e, thanks \u003ca href=\"https://github.com/dannyhw\"\u003e\u003ccode\u003e@​dannyhw\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eTelemetry: Add metadata for react routers - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32615\"\u003e#32615\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAutomigrations: Add automigration for viewport and backgrounds - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/31614\"\u003e#31614\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eTelemetry: Log userAgent in onboarding - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32566\"\u003e#32566\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/f4eff4835ee6076bddf2fa2c8af680afebfaba0e\"\u003e\u003ccode\u003ef4eff48\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;9.1.19\u0026quot; to \u0026quot;9.1.20\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/046ce4d35020916e996521e04c18abfdf1052eaa\"\u003e\u003ccode\u003e046ce4d\u003c/code\u003e\u003c/a\u003e Formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/98e74eb845a2f7f4d6a65d719284bc0a459395d6\"\u003e\u003ccode\u003e98e74eb\u003c/code\u003e\u003c/a\u003e Clarify hostname validation for HTTP requests and WebSocket connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/5f27e882807b4816fba5d30490232706dc8354e7\"\u003e\u003ccode\u003e5f27e88\u003c/code\u003e\u003c/a\u003e Core: Backport origin/host validation and update related configurations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/20887f19d26d1f6e74712eeec4812f325031420b\"\u003e\u003ccode\u003e20887f1\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;9.1.18\u0026quot; to \u0026quot;9.1.19\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/66b2d8e30b1c235c198b8de0696755a13a72ceae\"\u003e\u003ccode\u003e66b2d8e\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/31f16c4cd46f9435e1558204cdccb6bf6b880c7f\"\u003e\u003ccode\u003e31f16c4\u003c/code\u003e\u003c/a\u003e fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/62dd25b508d3b8cd771cfadcac9a9f41881c0e11\"\u003e\u003ccode\u003e62dd25b\u003c/code\u003e\u003c/a\u003e Core: Require token for websocket connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/bbe61e351b4b45cd17c7d8005e48e4cab60a0315\"\u003e\u003ccode\u003ebbe61e3\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;9.1.17\u0026quot; to \u0026quot;9.1.18\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/d0d5a3d645df3493ad935e321d1ef101679cfc2e\"\u003e\u003ccode\u003ed0d5a3d\u003c/code\u003e\u003c/a\u003e Bump version from 9.1.16 to 9.1.17 MANUALLY\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/storybookjs/storybook/commits/v9.1.20/code/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for storybook since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 2.0.0 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate web dependencies to pick up security fixes, reliability improvements, and build hardening. Highlights include `axios` 1.16, `dompurify` 3.4, `lodash` 4.18, `uuid` 14, `postcss` 8.5, `storybook` 9.1, and removal of `serialize-javascript`.\n\n- **Dependencies**\n  - Security/bug fixes: `dompurify` 3.4.0, `lodash` 4.18.1, `postcss` 8.5.15, `storybook` 9.1.20.\n  - HTTP client: `axios` 1.16.0 enforces body/content limits and fixes redirects/headers.\n  - Breaking: `uuid` 14.0.0 expects global `crypto` and requires Node 20+; adds buffer bounds checks.\n  - Tooling: `webpack` 5.107.2, `terser-webpack-plugin` 5.6.1; removed `serialize-javascript`.\n  - App libs: `@antv/g2` 5.4.8, `ahooks` 3.9.7, plus assorted patch updates.\n\n- **Migration**\n  - Use Node 20+ locally and in CI for web builds and Storybook.\n  - If `uuid` runs in Node/SSR, ensure the environment provides global `crypto`; in browsers, verify `window.crypto` is available.\n  - Remove any direct `serialize-javascript` imports if present and reinstall dependencies.\n  - If you have custom Storybook networking/proxy settings, verify the preview connects after the websocket/request validation changes.\n\n\u003csup\u003eWritten for commit e748ef93c31e7903500a6c7e83e7506c6e3c020e. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/ragflow/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump 27 npm dependencies in web package\n\u003e Updates dependencies in [package.json](https://github.com/EmilynnJ/ragflow/pull/1/files#diff-b861012a5dd72b8a9f3281b7cf09f5a779c98569d040b1bbc1db50f1b15e7cce), including major version bumps to `uuid` (9→14) and `axios` (1.6→1.16), plus minor/patch updates to `@antv/g2`, `ahooks`, `dompurify`, `lodash`, `postcss`, `storybook`, and `terser-webpack-plugin`.\n\u003e\n\u003e - Risk: `uuid` v14 and `axios` v1.16 may include breaking API changes that could affect runtime behavior.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized e748ef9.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/ragflow/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fragflow/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"3.1.2","new_version":"3.1.5","update_type":"patch","path":null,"pr_created_at":"2026-05-30T09:46:33.000Z","version_change":"3.1.2 → 3.1.5","issue":{"uuid":"4554025511","node_id":"PR_kwDOQplPU87g7OGy","number":1,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:46:33.000Z","updated_at":"2026-05-30T09:47:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.18.6","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"basic-ftp","old_version":"5.0.5","new_version":"5.3.1","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"tmp","old_version":"0.2.1","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"4.5.3","new_version":"5.8.0","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.2.6","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"ip-address","old_version":"9.0.5","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"protobufjs","old_version":"7.5.0","new_version":"7.6.1","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"ws","old_version":"8.18.0","new_version":"8.21.0","repository_url":"https://github.com/websockets/ws"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"tar","old_version":"6.2.1","new_version":"removed","repository_url":"https://github.com/isaacs/node-tar"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 21 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.18.6` | `7.29.7` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.5` | `5.3.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.7` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `5.8.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.6` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `9.0.5` | `10.2.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.0` | `7.6.1` |\n| [ws](https://github.com/websockets/ws) | `8.18.0` | `8.21.0` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [tar](https://github.com/isaacs/node-tar) | `6.2.1` | `removed` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.18.6 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.0.5 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/980371bb6057d78d479b5cfc18683392abd2c45f\"\u003e\u003ccode\u003e980371b\u003c/code\u003e\u003c/a\u003e Guard against unbounded control response\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/50827c73ca6c1d786c97276e47be8a33d0f2277d\"\u003e\u003ccode\u003e50827c7\u003c/code\u003e\u003c/a\u003e Adjust changelog to match release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.0.5...v5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.1 to 0.2.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md\"\u003etmp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2 (2024-02-28)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/278\"\u003e#278\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/268\"\u003e#268\u003c/a\u003e: Revert \u0026quot;fix \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/246\"\u003e#246\u003c/a\u003e: remove any double quotes or single quotes… (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/279\"\u003e#279\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/266\"\u003e#266\u003c/a\u003e: move paragraph on graceful cleanup to the head of the documentation (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 5\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDave Nicolson (\u003ca href=\"https://github.com/dnicolson\"\u003e\u003ccode\u003e@​dnicolson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKARASZI István (\u003ca href=\"https://github.com/raszi\"\u003e\u003ccode\u003e@​raszi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaxime Bargiel (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/robertoaceves\"\u003e\u003ccode\u003e@​robertoaceves\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211\"\u003e\u003ccode\u003e8ea1f37\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153\"\u003e\u003ccode\u003e8f24f78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c\"\u003e\u003ccode\u003ece787f3\u003c/code\u003e\u003c/a\u003e Reject non-string prefix, postfix, template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.1...v0.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.6 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove master branch support by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/126\"\u003efastify/fast-uri#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(test) remove .gitkeep by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/128\"\u003efastify/fast-uri#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/129\"\u003efastify/fast-uri#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set permissions at workflow level by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/131\"\u003efastify/fast-uri#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set workflow permissions to read-only by default by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/132\"\u003efastify/fast-uri#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): restore job level permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/133\"\u003efastify/fast-uri#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.31.2 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/134\"\u003efastify/fast-uri#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): pin actions to commit-hash by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/135\"\u003efastify/fast-uri#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node 24 to test matrix by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/136\"\u003efastify/fast-uri#136\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.6...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 4.5.3 to 5.8.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eupdate strnum, FXB. Use xml-naming for DOCTYPE\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eintegrate xml-naming to validate DOCTYPE entity name and notation name (using qname because of backward compatibility)\n\u003cul\u003e\n\u003cli\u003eThis will consider xml-version as well. '1.0' is default\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate strnum to 2.3.0\n\u003cul\u003e\n\u003cli\u003eYou can set octal and binary parsing which is by deault off\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate fast-xml-builder to 1.2.0\n\u003cul\u003e\n\u003cli\u003ecan sanitize tag names if found invalid\u003c/li\u003e\n\u003cli\u003efix format output\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003efix minor old bugs and update builder\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ebackward compatibility for numerical external entity, fix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eupgrade \u003ccode\u003e@​nodable/entities\u003c/code\u003e and FXB\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to use entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo API change\u003c/li\u003e\n\u003cli\u003eNo change in performance for basic usage\u003c/li\u003e\n\u003cli\u003eNo typing change\u003c/li\u003e\n\u003cli\u003eNo config change\u003c/li\u003e\n\u003cli\u003enew dependency\u003c/li\u003e\n\u003cli\u003ebreaking: error messages for entities might have been changed.\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\"\u003ehttps://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eperformance improvment, increase entity expansion default limit\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eincrease default entity explansion limit as many projects demand for that\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003efast-xml-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003eNote: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eNote: Due to some last quick changes on v4, detail of v4.5.3 \u0026amp; v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion\u003c/p\u003e\n\u003cp\u003e*\u003cem\u003e5.8.0 / 2026-05-12\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eintegrate xml-naming to validate DOCTYPE entity name and notation name (using qname becaue of backward compatibility)\n\u003cul\u003e\n\u003cli\u003eThis will consider xml-version as well. '1.0' is default\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate strnum to 2.3.0\n\u003cul\u003e\n\u003cli\u003eYou can set octal and binary parsing which is bydeault off\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate fast-xml-builder to 1.2.0\n\u003cul\u003e\n\u003cli\u003ecan sanitize tag names if found invalid\u003c/li\u003e\n\u003cli\u003efix format output\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.3 / 2006-05-05\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.2 / 2026-04-25\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.1 / 2026-04-20\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix typo in CJS typing file\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.0 / 2026-04-17\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to user entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.6.0 / 2026-04-15\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: entity replacement for numeric entities\u003c/li\u003e\n\u003cli\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\n\u003cul\u003e\n\u003cli\u003ethis may change some error messages related to entities expansion limit or inavlid use\u003c/li\u003e\n\u003cli\u003epost check would be exposed in future version\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/4bcee44a034ec99706b68b16e31f4072505b13e9\"\u003e\u003ccode\u003e4bcee44\u003c/code\u003e\u003c/a\u003e for release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/8a287bf2524f0a3a4c32be7edaedced3a9839ab8\"\u003e\u003ccode\u003e8a287bf\u003c/code\u003e\u003c/a\u003e release info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/50b01dcacb8fe21f986a9e7b55800bd96401fe58\"\u003e\u003ccode\u003e50b01dc\u003c/code\u003e\u003c/a\u003e Use \u0026quot;\u003ccode\u003e@​byspec/xml\u003c/code\u003e\u0026quot; for testing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/816b652c83249edc1569c523f7bc3e13b3ef929c\"\u003e\u003ccode\u003e816b652\u003c/code\u003e\u003c/a\u003e update typings to mark validator use deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/8ad0e650bcdb05001b533f27bc01f2e873d87cc5\"\u003e\u003ccode\u003e8ad0e65\u003c/code\u003e\u003c/a\u003e update fast-xml-builder and strnum\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/58e967ed7f8208e4896b607cf5a057a5659f97c6\"\u003e\u003ccode\u003e58e967e\u003c/code\u003e\u003c/a\u003e integrate xml-naming\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/42fa3c3af8e0d59e9fe213785a1b204b39338d2b\"\u003e\u003ccode\u003e42fa3c3\u003c/code\u003e\u003c/a\u003e separate XML validator, UPDATE DOCS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d6d80429b1d1f1420902e1cebac6fe7831ba0839\"\u003e\u003ccode\u003ed6d8042\u003c/code\u003e\u003c/a\u003e update to release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d2633709699520c514208ea70e31adb6d71ab0e8\"\u003e\u003ccode\u003ed263370\u003c/code\u003e\u003c/a\u003e remove dev dependency 'he'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/f9c9a2c19f819ab6fe0856ef4e94d6aa28fe1eec\"\u003e\u003ccode\u003ef9c9a2c\u003c/code\u003e\u003c/a\u003e update builder to 1.1.7\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.5.3...v5.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.2.6 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.2.6...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.9 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 9.0.5 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80fccaae984618f35dc941efab55cf2440ab37e8\"\u003e\u003ccode\u003e80fccaa\u003c/code\u003e\u003c/a\u003e 10.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/abaeb4d817cab16d3a1a78abd249d1f116bd302e\"\u003e\u003ccode\u003eabaeb4d\u003c/code\u003e\u003c/a\u003e Type Address4.addressMinusSuffix as non-nilable (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/2878c294e1216f9a0b69ad1d3c57a3790a7d5e8e\"\u003e\u003ccode\u003e2878c29\u003c/code\u003e\u003c/a\u003e Preserve subnet prefix through Address6.to4() (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/123\"\u003e#123\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/586666ee9e666464071761d7a453715f98b6caee\"\u003e\u003ccode\u003e586666e\u003c/code\u003e\u003c/a\u003e Reject trailing junk in Address6.fromURL (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/158\"\u003e#158\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/202\"\u003e#202\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/80bc76eddf63df38db60defd5004bea919adf7ac\"\u003e\u003ccode\u003e80bc76e\u003c/code\u003e\u003c/a\u003e Validate static factories instead of silently overflowing (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/98927be9ef0c09f8ffcaf30b297405c9eff0a520\"\u003e\u003ccode\u003e98927be\u003c/code\u003e\u003c/a\u003e Clarify isValid() accepts CIDRs with host bits set (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/81\"\u003e#81\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a0eb0732d6ac3088daa1106f4933eade41fd364a\"\u003e\u003ccode\u003ea0eb073\u003c/code\u003e\u003c/a\u003e Fix getScope() and broaden getType() classification (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/122\"\u003e#122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/200\"\u003e#200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/ec52105c87179129b9f091e97581e87b007824c7\"\u003e\u003ccode\u003eec52105\u003c/code\u003e\u003c/a\u003e Add networkForm() for CIDR network-address strings (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/199\"\u003e#199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/a9443a72215b21a1e692be75cd3e18e8aa2262cb\"\u003e\u003ccode\u003ea9443a7\u003c/code\u003e\u003c/a\u003e Add isMapped4() predicate for IPv4-mapped IPv6 addresses (closes \u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/62\"\u003e#62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/beaugunderson/ip-address/issues/198\"\u003e#198\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beaugunderson/ip-address/commit/f01d74267ed39f84521157e5f199edade9809f1e\"\u003e\u003ccode\u003ef01d742\u003c/code\u003e\u003c/a\u003e Add address-property predicates (private, ULA, loopback, link-local, etc.) (#...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/beaugunderson/ip-address/compare/v9.0.5...v10.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate dependencies to address security advisories and keep the stack current. Notable upgrades include `express` 4.22.2 and `@storybook/react` 10.x; removes `tar` and refreshes the lockfile.\n\n- **Dependencies**\n  - Bump `express` to `^4.22.2` and `@storybook/react` to `^10.4.1`.\n  - Apply security patches: `lodash@4.18.1`, `node-forge@1.4.0`, `handlebars@4.7.9`, `fast-uri@3.1.2`, `basic-ftp@5.3.1`.\n  - Notable majors: `fast-xml-parser@5.8.0`, `ip-address@10.2.0`.\n  - Remove `tar`; regenerate `package-lock.json`.\n\n- **Migration**\n  - Storybook 6.5 → 10: run `npx storybook@latest automigrate`, verify `.storybook` config, and update addons as needed.\n  - If you use `fast-xml-parser`, review v5 option changes and re-run tests.\n  - If you use `ip-address`, check for API/typing changes and adjust callers.\n  - Confirm no code relies on `tar`; re-add or replace if needed.\n\n\u003csup\u003eWritten for commit 33a16aab2d4361571b3c957532153a172935fc3a. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/twilio-video-app-react/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump Express to ^4.22.2 and Storybook React to ^10.4.1\n\u003e Updates dependency version ranges in [package.json](https://github.com/EmilynnJ/twilio-video-app-react/pull/1/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519) as part of a grouped npm/yarn dependency bump. Express moves from `^4.17.1` to `^4.22.2` and `@storybook/react` moves from `^6.5.10` to `^10.4.1`. Risk: the major version jump in `@storybook/react` (6→10) may introduce breaking API changes in Storybook stories.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 33a16aa.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/twilio-video-app-react/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Ftwilio-video-app-react/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"3.1.2","new_version":"3.1.5","update_type":"patch","path":null,"pr_created_at":"2026-05-30T09:42:53.000Z","version_change":"3.1.2 → 3.1.5","issue":{"uuid":"4554016915","node_id":"PR_kwDOP1uCKc7g7MhN","number":1,"state":"open","title":"Bump the npm_and_yarn group across 5 directories with 24 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:42:53.000Z","updated_at":"2026-05-30T09:44:00.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":24,"packages":[{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"postcss","old_version":"8.5.4","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"vite","old_version":"5.4.19","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"picomatch","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.42.0","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the /testing/fake-llm-server directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch) and [path-to-regexp](https://github.com/pillarjs/path-to-regexp).\nBumps the npm_and_yarn group with 2 updates in the /scaffold directory: [postcss](https://github.com/postcss/postcss) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 8 updates in the /packages/@dyad-sh/react-vite-component-tagger directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.4` | `8.5.15` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.19` | `6.4.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.42.0` | `4.60.4` |\n\nBumps the npm_and_yarn group with 9 updates in the /packages/@dyad-sh/nextjs-webpack-component-tagger directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `4.43.0` | `4.60.4` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `removed` |\n| [webpack](https://github.com/webpack/webpack) | `5.99.9` | `5.107.2` |\n\nBumps the npm_and_yarn group with 20 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.2` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.20` | `8.0.14` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `4.50.1` | `4.60.4` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.1` | `2.9.0` |\n| [@ai-sdk/provider-utils](https://github.com/vercel/ai/tree/HEAD/packages/provider-utils) | `3.0.8` | `4.0.27` |\n| [uuid](https://github.com/uuidjs/uuid) | `11.1.0` | `14.0.0` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.11` | `0.8.13` |\n| [axios](https://github.com/axios/axios) | `1.11.0` | `1.16.1` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `10.0.1` | `10.2.0` |\n| [next](https://github.com/vercel/next.js) | `15.5.2` | `16.2.6` |\n| [seroval](https://github.com/lxsmnsyc/seroval) | `1.3.2` | `1.5.4` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.5` | `0.2.7` |\n\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.3 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.3...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 6.3.4 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e4.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains \u003ccode\u003econstructor\u003c/code\u003e by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.2...4.0.3\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.2...4.0.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.2...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.40.0 to 4.60.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.60.4\u003c/h2\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.2\u003c/h2\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6346\"\u003e#6346\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6347\"\u003e#6347\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6348\"\u003e#6348\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6349\"\u003e#6349\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6350\"\u003e#6350\u003c/a\u003e: fix: reset variable render names between outputs in the same generate (\u003ca href=\"https://github.com/barry3406\"\u003e\u003ccode\u003e@​barry3406\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6351\"\u003e#6351\u003c/a\u003e: chore(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6352\"\u003e#6352\u003c/a\u003e: chore(deps): update cross-platform-actions/action action to v1 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6353\"\u003e#6353\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6354\"\u003e#6354\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6355\"\u003e#6355\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6356\"\u003e#6356\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6358\"\u003e#6358\u003c/a\u003e: chore: remove cross-env from devDeps (\u003ca href=\"https://github.com/K-tecchan\"\u003e\u003ccode\u003e@​K-tecchan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.1\u003c/h2\u003e\n\u003ch2\u003e4.60.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/master/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.60.3\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-04\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure nested \u0026quot;exports\u0026quot; variables are not renamed (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6360\"\u003e#6360\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6360\"\u003e#6360\u003c/a\u003e: fix: do not rename nested \u0026quot;exports\u0026quot; bindings that do not conflict (\u003ca href=\"https://github.com/tariqrafique\"\u003e\u003ccode\u003e@​tariqrafique\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6364\"\u003e#6364\u003c/a\u003e: chore(deps): update msys2/setup-msys2 digest to e989830 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6365\"\u003e#6365\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6366\"\u003e#6366\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6367\"\u003e#6367\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6368\"\u003e#6368\u003c/a\u003e: docs: add missing backticks in \u003ccode\u003eplugin-development\u003c/code\u003e (\u003ca href=\"https://github.com/lumirlumir\"\u003e\u003ccode\u003e@​lumirlumir\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d311a84b0bb4d4a6f50d19ffd2c29cca28660c88\"\u003e\u003ccode\u003ed311a84\u003c/code\u003e\u003c/a\u003e 4.60.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/6aa324854482e273b711972955d2d1b3bb445bcc\"\u003e\u003ccode\u003e6aa3248\u003c/code\u003e\u003c/a\u003e fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/82a0fe76b1372a2cf509fc4067d69f25569b83f5\"\u003e\u003ccode\u003e82a0fe7\u003c/code\u003e\u003c/a\u003e Resolve vulnerabilities (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6375\"\u003e#6375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/71f5ebc893d7ff76b5571d63b04ea2ed4a4ddd9d\"\u003e\u003ccode\u003e71f5ebc\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6371\"\u003e#6371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/af91d778cdf564dd1ae1bfd6e92604ec031824a7\"\u003e\u003ccode\u003eaf91d77\u003c/code\u003e\u003c/a\u003e chore(deps): lock file maintenance (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6373\"\u003e#6373\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/65e7b94ddda9f02334fa8f12ff6bf699c1f07833\"\u003e\u003ccode\u003e65e7b94\u003c/code\u003e\u003c/a\u003e chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6372\"\u003e#6372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/642587f3d9c5b4aa482a5027672f0fa8ea76da12\"\u003e\u003ccode\u003e642587f\u003c/code\u003e\u003c/a\u003e fix(deps): update minor/patch updates (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6370\"\u003e#6370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/b47bdabeccbb7aa1b1d4117f2f4a781a9f6de297\"\u003e\u003ccode\u003eb47bdab\u003c/code\u003e\u003c/a\u003e 4.60.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/15c5f33083c8c6b1b2cbae548124fffbba2553bb\"\u003e\u003ccode\u003e15c5f33\u003c/code\u003e\u003c/a\u003e Add again some unneeded dev dependencies, to make some builds succeed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/12195dcebbd21f0f2d91e26720cd053526edbfe3\"\u003e\u003ccode\u003e12195dc\u003c/code\u003e\u003c/a\u003e fix: do not rename nested \u0026quot;exports\u0026quot; bindings that do not conflict (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6360\"\u003e#6360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rollup/rollup/compare/v4.42.0...v4.60.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for rollup since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.4 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.3...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 5.4.19 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025......\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdates dependencies across the monorepo to the latest secure versions, including major bumps to `vite`, `next`, and `express`. Also updates the component tagger packages to `0.8.0` and removes `serialize-javascript`.\n\n- **Dependencies**\n  - Build tooling: `vite` root → `8.0.14`; scaffold/packages → `6.4.2`; `rollup` → `4.60.4`.\n  - Frameworks: `next` → `16.2.6`.\n  - Server: `express` (fake LLM server) → `4.22.2`.\n  - Security fixes: `brace-expansion`, `minimatch`, `path-to-regexp`, `picomatch`, `postcss`, `ajv`, `qs`.\n  - AI SDK: bump `@ai-sdk/*` packages to latest `3.x/4.x`.\n  - Internal: `@dyad-sh/react-vite-component-tagger` and `@dyad-sh/nextjs-webpack-component-tagger` → `0.8.0` (peer `vite` now includes `^6`); removed `serialize-javascript`.\n\n- **Migration**\n  - Use Node 18+ (required by `vite` 6/8 and `next` 16).\n  - Reinstall deps and rebuild: clean install to refresh lockfiles.\n  - Verify project build/dev with `vite` and `next` 16; review any breaking changes in configs and plugins.\n\n\u003csup\u003eWritten for commit ae1a2fd5ed0cf33c41ada69847cd0d7383bcedce. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/dyad/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump npm dependencies across 5 directories including major AI SDK and Vite upgrades\n\u003e - Updates AI SDK packages (`ai`, `@ai-sdk/*`) from v2/v3/v5 to v3/v4/v6 in [package.json](https://github.com/EmilynnJ/dyad/pull/1/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519), covering providers for OpenAI, Anthropic, Google, Azure, Bedrock, and xAI\n\u003e - Bumps `vite` from v5 to v8 in the root package, v5 to v6 in `react-vite-component-tagger`, and v6.3 to v6.4 in the scaffold\n\u003e - Updates `express` from 4.18 to 4.22 in the fake LLM test server and `postcss` to 8.5 in the scaffold\n\u003e - Risk: Multiple major version bumps (AI SDK, Vite, `uuid`, `glob`) may introduce breaking API changes\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized ae1a2fd.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/dyad/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fdyad/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"3.1.2","new_version":"3.1.5","update_type":"patch","path":null,"pr_created_at":"2026-05-30T09:36:27.000Z","version_change":"3.1.2 → 3.1.5","issue":{"uuid":"4554002859","node_id":"PR_kwDOQpga1c7g7KAX","number":1,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:36:27.000Z","updated_at":"2026-05-30T09:37:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":5,"packages":[{"name":"rollup","old_version":"3.29.5","new_version":"3.30.0","repository_url":"https://github.com/rollup/rollup"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [rollup](https://github.com/rollup/rollup) | `3.29.5` | `3.30.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `rollup` from 3.29.5 to 3.30.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.30.0\u003c/h2\u003e\n\u003ch2\u003e3.30.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6276\"\u003e#6276\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v3.30.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.30.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6276\"\u003e#6276\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d91d5e11becc2f16d3a493231fb5bf48f74758a9\"\u003e\u003ccode\u003ed91d5e1\u003c/code\u003e\u003c/a\u003e 3.30.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/967740910dc90f3c928c91642f2b80c1ed40d60b\"\u003e\u003ccode\u003e9677409\u003c/code\u003e\u003c/a\u003e Update release script for backports\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e\"\u003e\u003ccode\u003ec8cf1f9\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v3.29.5...v3.30.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 4.1.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/cc482e775913e6625137572a3712d2826170e53a\"\u003e\u003ccode\u003ecc482e7\u003c/code\u003e\u003c/a\u003e 4.1.1 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/50968b862e75866ef90e626572fe0b2f97b55f9f\"\u003e\u003ccode\u003e50968b8\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/d092d866031751cb27c12d93f3e2470ad74d678b\"\u003e\u003ccode\u003ed092d86\u003c/code\u003e\u003c/a\u003e lint fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879\"\u003e\u003ccode\u003e383665f\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/0d3ca7a27b03a6c974790a30a89e456007d62976\"\u003e\u003ccode\u003e0d3ca7a\u003c/code\u003e\u003c/a\u003e README.md: HTTP =\u0026gt; HTTPS (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/49baadd52af887d2991e2c39a6639baa56d6c71b\"\u003e\u003ccode\u003e49baadd\u003c/code\u003e\u003c/a\u003e doc: 'empty' style option for !!null\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/ba3460eb9d3e4478edcbc29edabe17c2157fc9ce\"\u003e\u003ccode\u003eba3460e\u003c/code\u003e\u003c/a\u003e Fix demo link (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/618\"\u003e#618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/EmilynnJ/janus-gateway/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate `rollup`, `flatted`, `js-yaml`, `minimatch`, and `picomatch` to pick up security fixes and improve build safety with Rollup’s new output-path check.\n\n- **Dependencies**\n  - `rollup`: 3.29.5 → 3.30.0 — validates bundle paths stay within the output dir.\n  - `js-yaml`: 4.1.0 → 4.1.1 — fixes prototype pollution.\n  - `picomatch`: 2.3.1 → 2.3.2 — security fixes.\n  - `minimatch`: 3.1.2 → 3.1.5 — fixes globstar matching and improves perf.\n  - `flatted`: 3.3.1 → 3.4.2 — maintenance/security hardening.\n\n- **Migration**\n  - Check build configs and output paths; Rollup now throws if outputs escape the configured directory.\n\n\u003csup\u003eWritten for commit 9af2d3447b58d53721e5d4cde27ef3bfbc8a0090. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/janus-gateway/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump 5 npm dependencies in package-lock.json\n\u003e Updates 5 packages in [package-lock.json](https://github.com/EmilynnJ/janus-gateway/pull/1/files#diff-053150b640a7ce75eff69d1a22cae7f0f94ad64ce9a855db544dda0929316519) as part of a routine dependency bump.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 9af2d34.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/janus-gateway/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fjanus-gateway/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"10.1.1","new_version":"10.2.5","update_type":"minor","path":null,"pr_created_at":"2026-05-30T09:36:27.000Z","version_change":"10.1.1 → 10.2.5","issue":{"uuid":"4554002818","node_id":"PR_kwDORoC1887g7J_6","number":1,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:36:27.000Z","updated_at":"2026-05-30T09:37:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"@modelcontextprotocol/sdk","old_version":"1.25.3","new_version":"1.26.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"uuid","old_version":"13.0.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"@hono/node-server","old_version":"1.19.9","new_version":"1.19.14","repository_url":"https://github.com/honojs/node-server"},{"name":"@isaacs/brace-expansion","old_version":"5.0.0","new_version":"5.0.1"},{"name":"tar","old_version":"7.5.7","new_version":"7.5.15","repository_url":"https://github.com/isaacs/node-tar"},{"name":"ajv","old_version":"8.17.1","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"hono","old_version":"4.11.7","new_version":"4.12.23","repository_url":"https://github.com/honojs/hono"},{"name":"minimatch","old_version":"10.1.1","new_version":"10.2.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"protobufjs","old_version":"7.5.4","new_version":"7.6.1","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"qs","old_version":"6.14.1","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"vite","old_version":"7.3.1","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 15 updates in the /gitnexus directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.25.3` | `1.26.0` |\n| [uuid](https://github.com/uuidjs/uuid) | `13.0.0` | `14.0.0` |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.9` | `1.19.14` |\n| @isaacs/brace-expansion | `5.0.0` | `5.0.1` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.7` | `7.5.15` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.20.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [hono](https://github.com/honojs/hono) | `4.11.7` | `4.12.23` |\n| [minimatch](https://github.com/isaacs/minimatch) | `10.1.1` | `10.2.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.6.1` |\n| [qs](https://github.com/ljharb/qs) | `6.14.1` | `6.15.2` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.3` |\n\nBumps the npm_and_yarn group with 12 updates in the /gitnexus-web directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [uuid](https://github.com/uuidjs/uuid) | `13.0.0` | `14.0.0` |\n| @isaacs/brace-expansion | `5.0.0` | `5.0.1` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.3` | `7.5.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `10.1.1` | `10.2.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.6.1` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.4.21` | `8.0.14` |\n| [axios](https://github.com/axios/axios) | `1.13.2` | `1.16.0` |\n| [mermaid](https://github.com/mermaid-js/mermaid) | `11.12.2` | `11.15.0` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.1` | `3.4.7` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.4.7` | `0.7.3` |\n\n\nUpdates `@modelcontextprotocol/sdk` from 1.25.3 to 1.26.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.26.0\u003c/h2\u003e\n\u003cp\u003eAddresses \u0026quot;Sharing server/transport instances can leak cross-client response data\u0026quot; in this GHSA \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: bump v1.25.3 for backport fixes by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1412\"\u003emodelcontextprotocol/typescript-sdk#1412\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by \u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) by \u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.26.0 by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1479\"\u003emodelcontextprotocol/typescript-sdk#1479\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/fe9c07b465871394c7069207c86513df9c1194a4\"\u003e\u003ccode\u003efe9c07b\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.26.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/4f01e7e0708e1a85ccc7dbf39e850005f2d9ff03\"\u003e\u003ccode\u003e4f01e7e\u003c/code\u003e\u003c/a\u003e fix: add non-null assertions for optional setupServer fields in stateful test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a05be176cabeae1f933b676e3ce024bf02e2314d\"\u003e\u003ccode\u003ea05be17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/50d9fa3cd12e807e7963bcb9e1548786d3d5d941\"\u003e\u003ccode\u003e50d9fa3\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1442\"\u003e#1442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/aa81a66556fb4434d8a6d1b70f7ac9fc40b5d325\"\u003e\u003ccode\u003eaa81a66\u003c/code\u003e\u003c/a\u003e fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6aba0659654e1ff0699844524595922a61e44cb9\"\u003e\u003ccode\u003e6aba065\u003c/code\u003e\u003c/a\u003e chore: bump v1.25.3 for backport fixes (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1412\"\u003e#1412\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@hono/node-server` from 1.19.9 to 1.19.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e@​hono/node-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/340\"\u003ehonojs/node-server#340\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/309\"\u003ehonojs/node-server#309\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.10\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (\u003ccode\u003e%2F\u003c/code\u003e handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-wc8c-qw6v-h7f6 for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/b5e63a366d9b0ef62ac65fcafd7f69b383b03ff5\"\u003e\u003ccode\u003eb5e63a3\u003c/code\u003e\u003c/a\u003e 1.19.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c02d7770a2d29ea473403211bef0a60639885a28\"\u003e\u003ccode\u003ec02d777\u003c/code\u003e\u003c/a\u003e fix: add custom inspect to lightweight Request/Response to prevent TypeError ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90\"\u003e\u003ccode\u003efd64e65\u003c/code\u003e\u003c/a\u003e 1.19.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2\"\u003e\u003ccode\u003e025c30f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9\"\u003e\u003ccode\u003e6cdb5a7\u003c/code\u003e\u003c/a\u003e 1.19.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94\"\u003e\u003ccode\u003e70250f7\u003c/code\u003e\u003c/a\u003e fix: request draining for early 413 responses (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb\"\u003e\u003ccode\u003ecfc08b3\u003c/code\u003e\u003c/a\u003e chore: ignore claude setting (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/ecd4d6be55117005acfd60a22d90c4818618507b\"\u003e\u003ccode\u003eecd4d6b\u003c/code\u003e\u003c/a\u003e 1.19.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c94489955ebd855630b703022837f7fe5f925111\"\u003e\u003ccode\u003ec944899\u003c/code\u003e\u003c/a\u003e fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/2f8ca3665f5257305603783ec9999bd1a9bec0f2\"\u003e\u003ccode\u003e2f8ca36\u003c/code\u003e\u003c/a\u003e 1.19.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.9...v1.19.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@isaacs/brace-expansion` from 5.0.0 to 5.0.1\n\nUpdates `tar` from 7.5.7 to 7.5.15\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/87cc309f13c21d598b0b833235d387a252455058\"\u003e\u003ccode\u003e87cc309\u003c/code\u003e\u003c/a\u003e 7.5.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/7aef486f0d21c10fd7790b16b1b28f04648cf334\"\u003e\u003ccode\u003e7aef486\u003c/code\u003e\u003c/a\u003e fix: regression in pending links detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/6244eb33846bbd407443f5d0e339bd8c91663cd6\"\u003e\u003ccode\u003e6244eb3\u003c/code\u003e\u003c/a\u003e 7.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/9704d8c6f639573775133cbbd541aba83cb46c9c\"\u003e\u003ccode\u003e9704d8c\u003c/code\u003e\u003c/a\u003e stricter protection against hardlinks preempting their targets\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/700734f9aeb113bcc5f1400d81b8be7d499e54a2\"\u003e\u003ccode\u003e700734f\u003c/code\u003e\u003c/a\u003e update workflows and deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/d6611ae951056addb77c6e11baf7bcc9d7648e46\"\u003e\u003ccode\u003ed6611ae\u003c/code\u003e\u003c/a\u003e 7.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/119c401f4f7efbeb112d28f9dfc9c489674c9a79\"\u003e\u003ccode\u003e119c401\u003c/code\u003e\u003c/a\u003e fix(extract): prevent raced symlink writes outside cwd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2a294d3fbb24c18dc80f31059f49dd9af15653fe\"\u003e\u003ccode\u003e2a294d3\u003c/code\u003e\u003c/a\u003e 7.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/01082a42c3256ca6054f9627911cce4dbfe00d92\"\u003e\u003ccode\u003e01082a4\u003c/code\u003e\u003c/a\u003e fix: reject top promise on floating addFilesAsync rejections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/dd1c36ab7acff26e5a34935d17f27a45bb088db3\"\u003e\u003ccode\u003edd1c36a\u003c/code\u003e\u003c/a\u003e linting\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v7.5.7...v7.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.11.7 to 4.12.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(serve-static): normalize all backslashes in file paths, not just the first in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4962\"\u003ehonojs/hono#4962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(context): export the Context class publicly by \u003ca href=\"https://github.com/BlankParticle\"\u003e\u003ccode\u003e@​BlankParticle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4543\"\u003ehonojs/hono#4543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(contribution): add AI Usage Policy by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4970\"\u003ehonojs/hono#4970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(compress): add contentTypeFilter option and \u003ccode\u003eCOMPRESSIBLE_CONTENT_TYPE_REGEX\u003c/code\u003e re-export by \u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4961\"\u003ehonojs/hono#4961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(utils/ipaddr): do not compress a single 0 group to \u003ccode\u003e::\u003c/code\u003e by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4971\"\u003ehonojs/hono#4971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.22...v4.12.23\"\u003ehttps://github.com/honojs/hono/compare/v4.12.22...v4.12.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: update vitest to v4 and cleanups by \u003ca href=\"https://github.com/BlankParticle\"\u003e\u003ccode\u003e@​BlankParticle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4952\"\u003ehonojs/hono#4952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mime): specify charset parameter per MIME type instead of mechanical detection by \u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(compress): respect Accept-Encoding when encoding option is set by \u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deno): echo negotiated WebSocket subprotocol in upgrade response by \u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add msgpack as a compressible content type by \u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.21...v4.12.22\"\u003ehttps://github.com/honojs/hono/compare/v4.12.21...v4.12.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.21\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eapp.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003eapp.mount()\u003c/code\u003e. Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3\u003c/p\u003e\n\u003ch3\u003eIP Restriction bypasses static deny rules for non-canonical IPv6\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/ip-restriction\u003c/code\u003e. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5\u003c/p\u003e\n\u003ch3\u003eCookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes missing validation of \u003ccode\u003esameSite\u003c/code\u003e and \u003ccode\u003epriority\u003c/code\u003e options against injection characters (\u003ccode\u003e;\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x\u003c/p\u003e\n\u003ch3\u003eJWT middleware accepts any Authorization scheme, not only Bearer\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/jwt\u003c/code\u003e, \u003ccode\u003ehono/jwk\u003c/code\u003e. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use \u003ccode\u003eapp.mount()\u003c/code\u003e, \u003ccode\u003ehono/ip-restriction\u003c/code\u003e, \u003ccode\u003ehono/cookie\u003c/code\u003e, or \u003ccode\u003ehono/jwt\u003c/code\u003e/\u003ccode\u003ehono/jwk\u003c/code\u003e are encouraged to upgrade to this version.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/83bfb3bb4a12c1d92c163a39e907df5d662ff78d\"\u003e\u003ccode\u003e83bfb3b\u003c/code\u003e\u003c/a\u003e 4.12.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/bcd290a64c0b392fd06d2bd1f256c5dc9835e4a4\"\u003e\u003ccode\u003ebcd290a\u003c/code\u003e\u003c/a\u003e fix(utils/ipaddr): do not compress a single 0 group to \u003ccode\u003e::\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4971\"\u003e#4971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c968177d9c11ddc7c7cca57c384497f11a6d60ae\"\u003e\u003ccode\u003ec968177\u003c/code\u003e\u003c/a\u003e feat(compress): add contentTypeFilter option and `COMPRESSIBLE_CONTENT_TYPE_R...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/0265a5453a7c272417eaa22b93d3fb319d2188ed\"\u003e\u003ccode\u003e0265a54\u003c/code\u003e\u003c/a\u003e docs(contribution): add AI Usage Policy (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c84c5d2d46ca6a78c316529491d42ab7bb956368\"\u003e\u003ccode\u003ec84c5d2\u003c/code\u003e\u003c/a\u003e feat(context): export the Context class publicly (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4543\"\u003e#4543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/82dad6297c90c33c41bf48b4530509a21588ad06\"\u003e\u003ccode\u003e82dad62\u003c/code\u003e\u003c/a\u003e fix(serve-static): normalize all backslashes in file paths, not just the firs...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/2f01b774b168911d24e4864fb66054f5de9d9a4e\"\u003e\u003ccode\u003e2f01b77\u003c/code\u003e\u003c/a\u003e 4.12.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/6bc0dff277684ee50ace6dc87a7ad73a9c131c99\"\u003e\u003ccode\u003e6bc0dff\u003c/code\u003e\u003c/a\u003e feat: add msgpack as a compressible content type (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4957\"\u003e#4957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/7e0555d14c72d4204347ac9afaae32ba5c013ab9\"\u003e\u003ccode\u003e7e0555d\u003c/code\u003e\u003c/a\u003e fix(deno): echo negotiated WebSocket subprotocol in upgrade response (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4955\"\u003e#4955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f0ed2465913f2a89ebdf65cc54d6254915fc3ff6\"\u003e\u003ccode\u003ef0ed246\u003c/code\u003e\u003c/a\u003e fix(compress): respect Accept-Encoding when encoding option is set (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4951\"\u003e#4951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.11.7...v4.12.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 10.1.1 to 10.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/minimatch/blob/main/changelog.md\"\u003eminimatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003echange log\u003c/h1\u003e\n\u003ch2\u003e10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ebraceExpandMax\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003emagicalBraces\u003c/code\u003e option for \u003ccode\u003eescape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when \u003ccode\u003epartial: true\u003c/code\u003e is set.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when pattern ends in a final \u003ccode\u003e**\u003c/code\u003e path part.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire node 20 or 22 and higher\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo default export, only named exports.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRecursive descent parser for extglob, allowing correct support\nfor arbitrarily nested extglob expressions\u003c/li\u003e\n\u003cli\u003eBump required Node.js version\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eunescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eMinimatch.hasMagic()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for posix character classes in a unicode-aware way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ewindowsNoMagicRoot\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eoptimizationLevel\u003c/code\u003e configuration option, and revert the\ndefault back to the 6.2 style minimal optimizations, making the\nadvanced transforms introduced in 7.0 opt-in. Also, process\nprovided file paths in the same way in optimizationLevel:2\nmode, so \u003cem\u003emost\u003c/em\u003e things that matched with optimizationLevel 1 or\n0 \u003cem\u003eshould\u003c/em\u003e match with level 2 as well. However, level 1 is the\ndefault, out of an abundance of caution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/693c82377d0948401be4c6d3220c9a74132ab112\"\u003e\u003ccode\u003e693c823\u003c/code\u003e\u003c/a\u003e 10.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7953af1fac53267c05e362f036b70de898318faa\"\u003e\u003ccode\u003e7953af1\u003c/code\u003e\u003c/a\u003e do not allow .. to consume drive letter on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1caf91893b67586255c68e2e513b14ac66785a24\"\u003e\u003ccode\u003e1caf918\u003c/code\u003e\u003c/a\u003e lint and format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7783ed6670442acb4d455b9b164a1b2a33507a45\"\u003e\u003ccode\u003e7783ed6\u003c/code\u003e\u003c/a\u003e ignore docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/6d9b356cd59372de00e1d5f3b8907a3350b9b8e5\"\u003e\u003ccode\u003e6d9b356\u003c/code\u003e\u003c/a\u003e update deps etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/c36addb94e33f14254b9ca9017e63ae9c9d80d1d\"\u003e\u003ccode\u003ec36addb\u003c/code\u003e\u003c/a\u003e 10.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26b90027d5ad0c383b5253a4e45d6dc7da282db4\"\u003e\u003ccode\u003e26b9002\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/3a0d83b6f03a17ebc15361c2faa7110777042aab\"\u003e\u003ccode\u003e3a0d83b\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ea94840326c3f40522f1b544bd2303024b0eec35\"\u003e\u003ccode\u003eea94840\u003c/code\u003e\u003c/a\u003e 10.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0873fbabc00a86e09f4469386059a71abb136c93\"\u003e\u003ccode\u003e0873fba\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v10.1.1...v10.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.3.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.6.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1\"\u003e7.6.1\u003c/a\u003e (2026-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport misc utility hardening (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2280\"\u003e#2280\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0\"\u003e8a45c13\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTreat fixed64 as unsigned in converters (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2266\"\u003e#2266\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/479df...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade dependencies in `gitnexus` and `gitnexus-web` to pick up security fixes and performance improvements, notably `uuid` v14 and `vite` v8. This raises the minimum Node version to 20+.\n\n- **Dependencies**\n  - `uuid` → 14.0.0 (Node 20+; includes bounds check fix GHSA-w5hq-g745-h8pq)\n  - `vite` (web) → 8.x for faster builds and latest plugin APIs\n  - `@modelcontextprotocol/sdk` → 1.26.0 (fixes cross-client response leak GHSA-345p-7cg4-v4c7)\n  - `@hono/node-server` and `hono` updated with security fixes for static serving, cookies/JWT, and IP restriction\n  - Security patches: `fast-uri`, `path-to-regexp`, `picomatch`, `postcss`\n  - Routine bumps: `axios`, `mermaid`, `protobufjs`, `qs`, `tar`, `minimatch`, and more\n\n- **Migration**\n  - Ensure CI and runtime use Node 20+.\n  - Clean install and rebuild: rm locks/node_modules, then install.\n  - For `gitnexus-web`: verify `vite` v8 dev/production builds and plugin compatibility.\n  - Run a quick smoke test of auth, static assets, and API routes.\n\n\u003csup\u003eWritten for commit 76d69570b3622e25220e2771c251a382b6e3bd1a. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/GitNexus/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump npm dependencies including vite, uuid, axios, and mermaid across 2 directories\n\u003e - Updates `gitnexus-web` dependencies: `axios` ^1.13.2→^1.16.0, `mermaid` ^11.12.2→^11.15.0, `uuid` ^13.0.0→^14.0.0, `vite` ^5.2.0→^8.0.14\n\u003e - Updates `gitnexus` dependency: `uuid` ^13.0.0→^14.0.0\n\u003e - Risk: `vite` jumps from v5 to v8 and `uuid` moves to v14, both major version bumps that may include breaking changes\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 76d6957.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/GitNexus/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2FGitNexus/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"3.1.2","new_version":"3.1.5","update_type":"patch","path":null,"pr_created_at":"2026-05-30T09:35:50.000Z","version_change":"3.1.2 → 3.1.5","issue":{"uuid":"4554001511","node_id":"PR_kwDOQ3fS3M7g7JxM","number":2,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 6 directories with 11 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:35:50.000Z","updated_at":"2026-05-30T09:40:11.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":11,"packages":[{"name":"ansi-regex","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/chalk/ansi-regex"},{"name":"ansi-regex","old_version":"5.0.0","new_version":"5.0.1","repository_url":"https://github.com/chalk/ansi-regex"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.0","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"send","old_version":"0.17.1","new_version":"0.19.2","repository_url":"https://github.com/pillarjs/send"},{"name":"serve-static","old_version":"1.14.1","new_version":"1.16.3","repository_url":"https://github.com/expressjs/serve-static"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ansi-regex](https://github.com/chalk/ansi-regex) | `4.1.0` | `4.1.1` |\n| [ansi-regex](https://github.com/chalk/ansi-regex) | `5.0.0` | `5.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.0` | `2.3.2` |\n| [send](https://github.com/pillarjs/send) | `0.17.1` | `0.19.2` |\n| [serve-static](https://github.com/expressjs/serve-static) | `1.14.1` | `1.16.3` |\n\nBumps the npm_and_yarn group with 5 updates in the /11-integrating-with-function-calling/typescript/function-app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [axios](https://github.com/axios/axios) | `1.12.0` | `1.16.0` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n\nBumps the npm_and_yarn group with 4 updates in the /09-building-image-applications/typescript/image-generation-app directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch), [picomatch](https://github.com/micromatch/picomatch) and [@tootallnate/once](https://github.com/TooTallNate/once).\nBumps the npm_and_yarn group with 4 updates in the /08-building-search-applications/typescript/search-app directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch), [picomatch](https://github.com/micromatch/picomatch) and [@tootallnate/once](https://github.com/TooTallNate/once).\nBumps the npm_and_yarn group with 4 updates in the /07-building-chat-applications/typescript/chat-completions-app directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch), [picomatch](https://github.com/micromatch/picomatch) and [@tootallnate/once](https://github.com/TooTallNate/once).\nBumps the npm_and_yarn group with 4 updates in the /06-text-generation-apps/typescript/recipe-app directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch), [picomatch](https://github.com/micromatch/picomatch) and [qs](https://github.com/ljharb/qs).\n\nUpdates `ansi-regex` from 4.1.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chalk/ansi-regex/commit/64735d25eb839b55bc9fae3877edb702b4c92ca2\"\u003e\u003ccode\u003e64735d2\u003c/code\u003e\u003c/a\u003e v4.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a\"\u003e\u003ccode\u003e75a657d\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS (\u003ca href=\"https://redirect.github.com/chalk/ansi-regex/issues/37\"\u003e#37\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ansi-regex` from 5.0.0 to 5.0.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chalk/ansi-regex/commit/64735d25eb839b55bc9fae3877edb702b4c92ca2\"\u003e\u003ccode\u003e64735d2\u003c/code\u003e\u003c/a\u003e v4.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chalk/ansi-regex/commit/75a657da7af875b2e2724fd6331bf0a4b23d3c9a\"\u003e\u003ccode\u003e75a657d\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS (\u003ca href=\"https://redirect.github.com/chalk/ansi-regex/issues/37\"\u003e#37\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.0 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes bug when a pattern containing an expression after the closing parenthesis (\u003ccode\u003e/!(*.d).{ts,tsx}\u003c/code\u003e) was incorrectly converted to regexp (\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241ef\"\u003e9f241ef\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSome documentation improvements (\u003ca href=\"https://github.com/micromatch/picomatch/commit/f81d236\"\u003ef81d236\u003c/a\u003e, \u003ca href=\"https://github.com/micromatch/picomatch/commit/421e0e7\"\u003e421e0e7\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5467a5a9638472610de4f30709991b9a56bb5613\"\u003e\u003ccode\u003e5467a5a\u003c/code\u003e\u003c/a\u003e 2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241efedc15a21bcec1edafd43ee773ceb4bc35\"\u003e\u003ccode\u003e9f241ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/102\"\u003e#102\u003c/a\u003e from micromatch/ISSUE-93_incorrect_extglob_expanding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac3cb660ca76764627aa825676df59378dd60bcd\"\u003e\u003ccode\u003eac3cb66\u003c/code\u003e\u003c/a\u003e fix: support stars in negation extglobs with expression after closing parenth...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/719d348d8a01cf23c6c10568191c1ad5a3fc33e3\"\u003e\u003ccode\u003e719d348\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/85\"\u003e#85\u003c/a\u003e from XhmikosR/codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac74e57b38a0d16de8e1752a62003e49c1622cec\"\u003e\u003ccode\u003eac74e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/91\"\u003e#91\u003c/a\u003e from XhmikosR/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.0...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `send` from 0.17.1 to 0.19.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/send/releases\"\u003esend's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.19.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeps: use tilde notation and update certain dependencies by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pillarjs/send/pull/279\"\u003epillarjs/send#279\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 0.19.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pillarjs/send/pull/280\"\u003epillarjs/send#280\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/send/compare/0.19.1...0.19.2\"\u003ehttps://github.com/pillarjs/send/compare/0.19.1...0.19.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(deps): encodeurl@~2.0.0 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/pillarjs/send/pull/240\"\u003epillarjs/send#240\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/send/compare/0.19.0...0.19.1\"\u003ehttps://github.com/pillarjs/send/compare/0.19.0...0.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting (\u003ca href=\"https://redirect.github.com/pillarjs/send/pull/235\"\u003epillarjs/send#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/pillarjs/send/pull/235\"\u003epillarjs/send#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/send/compare/0.18.0...0.19.0\"\u003ehttps://github.com/pillarjs/send/compare/0.18.0...0.19.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/send/blob/master/HISTORY.md\"\u003esend's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.19.2 / 2025-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: http-errors@~2.0.1\u003c/li\u003e\n\u003cli\u003edeps: statuses@~2.0.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.19.1 / 2024-10-09\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.19.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.18.0 / 2022-03-23\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix emitted 416 error missing headers property\u003c/li\u003e\n\u003cli\u003eLimit the headers removed for 304 response\u003c/li\u003e\n\u003cli\u003edeps: depd@2.0.0\n\u003cul\u003e\n\u003cli\u003eReplace internal \u003ccode\u003eeval\u003c/code\u003e usage with \u003ccode\u003eFunction\u003c/code\u003e constructor\u003c/li\u003e\n\u003cli\u003eUse instance methods on \u003ccode\u003eprocess\u003c/code\u003e to check for listeners\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: destroy@1.2.0\u003c/li\u003e\n\u003cli\u003edeps: http-errors@2.0.0\n\u003cul\u003e\n\u003cli\u003edeps: depd@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: statuses@2.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: on-finished@2.4.1\u003c/li\u003e\n\u003cli\u003edeps: statuses@2.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.17.2 / 2021-12-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003epref: ignore empty http tokens\u003c/li\u003e\n\u003cli\u003edeps: http-errors@1.8.1\n\u003cul\u003e\n\u003cli\u003edeps: inherits@2.0.4\u003c/li\u003e\n\u003cli\u003edeps: toidentifier@1.0.1\u003c/li\u003e\n\u003cli\u003edeps: setprototypeof@1.2.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: ms@2.1.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/34ba03b7579d31c8bb6d5a3ead573da1a7a118e7\"\u003e\u003ccode\u003e34ba03b\u003c/code\u003e\u003c/a\u003e 0.19.2 (\u003ca href=\"https://redirect.github.com/pillarjs/send/issues/280\"\u003e#280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/e53e4e51b98e62955c9e302e77585a85f45a9c8b\"\u003e\u003ccode\u003ee53e4e5\u003c/code\u003e\u003c/a\u003e deps: use tilde notation and update certain dependencies (\u003ca href=\"https://redirect.github.com/pillarjs/send/issues/279\"\u003e#279\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/19efaa39b98ff3ea26a90a484b9fd11efe0b37cd\"\u003e\u003ccode\u003e19efaa3\u003c/code\u003e\u003c/a\u003e 0.19.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/0a9fa80d8b49643066a6f7b5b4cb891b8e44cc05\"\u003e\u003ccode\u003e0a9fa80\u003c/code\u003e\u003c/a\u003e fix(deps): encodeurl@~2.0.0 (\u003ca href=\"https://redirect.github.com/pillarjs/send/issues/240\"\u003e#240\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/9d2db99518b366d20783fe1c08a1b9bd418929ce\"\u003e\u003ccode\u003e9d2db99\u003c/code\u003e\u003c/a\u003e 0.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35\"\u003e\u003ccode\u003eae4f298\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/b69cbb3dc4c09c37917d08a4c13fcd1bac97ade5\"\u003e\u003ccode\u003eb69cbb3\u003c/code\u003e\u003c/a\u003e 0.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/f53edbb7f4f7ebdd936d3d714d84d52f2d3d00f3\"\u003e\u003ccode\u003ef53edbb\u003c/code\u003e\u003c/a\u003e Limit the headers removed for 304 response\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/706d6ddf0d3c8a9248fc1edbc3ff60bbc6ad7b93\"\u003e\u003ccode\u003e706d6dd\u003c/code\u003e\u003c/a\u003e docs: add security policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/send/commit/b690ba4bd149d20fa6687ee6298fb6aede5b21d7\"\u003e\u003ccode\u003eb690ba4\u003c/code\u003e\u003c/a\u003e docs: fix linux build badge link\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/send/compare/0.17.1...0.19.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for send since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `serve-static` from 1.14.1 to 1.16.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/serve-static/releases\"\u003eserve-static's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@~0.19.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/227\"\u003eexpressjs/serve-static#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.16.3 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/229\"\u003eexpressjs/serve-static#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.16.2...v1.16.3\"\u003ehttps://github.com/expressjs/serve-static/compare/v1.16.2...v1.16.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eencodeurl@~2.0.0 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/180\"\u003eexpressjs/serve-static#180\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.16.1...v1.16.2\"\u003ehttps://github.com/expressjs/serve-static/compare/v1.16.1...v1.16.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebump send to 0.19 by \u003ca href=\"https://github.com/tommasini\"\u003e\u003ccode\u003e@​tommasini\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/176\"\u003eexpressjs/serve-static#176\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tommasini\"\u003e\u003ccode\u003e@​tommasini\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/176\"\u003eexpressjs/serve-static#176\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/1.16.0...v1.16.1\"\u003ehttps://github.com/expressjs/serve-static/compare/1.16.0...v1.16.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.16.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting (\u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/173\"\u003eexpressjs/serve-static#173\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/173\"\u003eexpressjs/serve-static#173\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0\"\u003ehttps://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.15.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.18.0\n\u003cul\u003e\n\u003cli\u003eFix emitted 416 error missing headers property\u003c/li\u003e\n\u003cli\u003eLimit the headers removed for 304 response\u003c/li\u003e\n\u003cli\u003edeps: depd@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: destroy@1.2.0\u003c/li\u003e\n\u003cli\u003edeps: http-errors@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: on-finished@2.4.1\u003c/li\u003e\n\u003cli\u003edeps: statuses@2.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.14.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.17.2\n\u003cul\u003e\n\u003cli\u003edeps: http-errors@1.8.1\u003c/li\u003e\n\u003cli\u003edeps: ms@2.1.3\u003c/li\u003e\n\u003cli\u003epref: ignore empty http tokens\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/serve-static/blob/master/HISTORY.md\"\u003eserve-static's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.16.3 / 2024-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@~0.19.1\n\u003cul\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.16.2 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.16.1 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.16.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.15.0 / 2022-03-24\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.18.0\n\u003cul\u003e\n\u003cli\u003eFix emitted 416 error missing headers property\u003c/li\u003e\n\u003cli\u003eLimit the headers removed for 304 response\u003c/li\u003e\n\u003cli\u003edeps: depd@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: destroy@1.2.0\u003c/li\u003e\n\u003cli\u003edeps: http-errors@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: on-finished@2.4.1\u003c/li\u003e\n\u003cli\u003edeps: statuses@2.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.14.2 / 2021-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.17.2\n\u003cul\u003e\n\u003cli\u003edeps: http-errors@1.8.1\u003c/li\u003e\n\u003cli\u003edeps: ms@2.1.3\u003c/li\u003e\n\u003cli\u003epref: ignore empty http tokens\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/9acad22498aa5f95b6e887eae1ab9eae63657d8a\"\u003e\u003ccode\u003e9acad22\u003c/code\u003e\u003c/a\u003e 1.16.3 (\u003ca href=\"https://redirect.github.com/expressjs/serve-static/issues/229\"\u003e#229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/52dc97d9d3a0269266d005b79eeac295d0a5a895\"\u003e\u003ccode\u003e52dc97d\u003c/code\u003e\u003c/a\u003e deps: send@~0.19.1 and upgrade Node.js versions on the CI  (\u003ca href=\"https://redirect.github.com/expressjs/serve-static/issues/227\"\u003e#227\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/ec9c5ecfb09368519e4698ffbbe1882de00d0ef2\"\u003e\u003ccode\u003eec9c5ec\u003c/code\u003e\u003c/a\u003e 1.16.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/f454d37c68fdad04b582cb9ac0cd165ab6d19114\"\u003e\u003ccode\u003ef454d37\u003c/code\u003e\u003c/a\u003e fix(deps): encodeurl@~2.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/77a8255688cc4affc70e6dc9aa02e3ced4957e77\"\u003e\u003ccode\u003e77a8255\u003c/code\u003e\u003c/a\u003e 1.16.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/4263f496876980c165a3104d087c1ebaa046ad3d\"\u003e\u003ccode\u003e4263f49\u003c/code\u003e\u003c/a\u003e fix(deps): send@0.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/48c73970b129b96cba448e792576ad89b1f9fbed\"\u003e\u003ccode\u003e48c7397\u003c/code\u003e\u003c/a\u003e 1.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b\"\u003e\u003ccode\u003e0c11fad\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/9b5a12a76f4d70530d2d2a8c7742e9158ed3c0a4\"\u003e\u003ccode\u003e9b5a12a\u003c/code\u003e\u003c/a\u003e 1.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/a39a0df51aa31f22b4947ade34fd90b14c7be1ea\"\u003e\u003ccode\u003ea39a0df\u003c/code\u003e\u003c/a\u003e docs: update CI link\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.14.1...v1.16.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for serve-static since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `serve-static` from 1.14.1 to 1.16.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/serve-static/releases\"\u003eserve-static's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@~0.19.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/227\"\u003eexpressjs/serve-static#227\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.16.3 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/229\"\u003eexpressjs/serve-static#229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.16.2...v1.16.3\"\u003ehttps://github.com/expressjs/serve-static/compare/v1.16.2...v1.16.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eencodeurl@~2.0.0 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/180\"\u003eexpressjs/serve-static#180\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.16.1...v1.16.2\"\u003ehttps://github.com/expressjs/serve-static/compare/v1.16.1...v1.16.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebump send to 0.19 by \u003ca href=\"https://github.com/tommasini\"\u003e\u003ccode\u003e@​tommasini\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/176\"\u003eexpressjs/serve-static#176\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tommasini\"\u003e\u003ccode\u003e@​tommasini\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/176\"\u003eexpressjs/serve-static#176\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/1.16.0...v1.16.1\"\u003ehttps://github.com/expressjs/serve-static/compare/1.16.0...v1.16.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.16.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting (\u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/173\"\u003eexpressjs/serve-static#173\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/serve-static/pull/173\"\u003eexpressjs/serve-static#173\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0\"\u003ehttps://github.com/expressjs/serve-static/compare/v1.15.0...1.16.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.15.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.18.0\n\u003cul\u003e\n\u003cli\u003eFix emitted 416 error missing headers property\u003c/li\u003e\n\u003cli\u003eLimit the headers removed for 304 response\u003c/li\u003e\n\u003cli\u003edeps: depd@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: destroy@1.2.0\u003c/li\u003e\n\u003cli\u003edeps: http-errors@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: on-finished@2.4.1\u003c/li\u003e\n\u003cli\u003edeps: statuses@2.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.14.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.17.2\n\u003cul\u003e\n\u003cli\u003edeps: http-errors@1.8.1\u003c/li\u003e\n\u003cli\u003edeps: ms@2.1.3\u003c/li\u003e\n\u003cli\u003epref: ignore empty http tokens\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/serve-static/blob/master/HISTORY.md\"\u003eserve-static's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.16.3 / 2024-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@~0.19.1\n\u003cul\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.16.2 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: encodeurl@~2.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.16.1 / 2024-09-11\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.19.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.16.0 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eRemove link renderization in html while redirecting\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.15.0 / 2022-03-24\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.18.0\n\u003cul\u003e\n\u003cli\u003eFix emitted 416 error missing headers property\u003c/li\u003e\n\u003cli\u003eLimit the headers removed for 304 response\u003c/li\u003e\n\u003cli\u003edeps: depd@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: destroy@1.2.0\u003c/li\u003e\n\u003cli\u003edeps: http-errors@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: on-finished@2.4.1\u003c/li\u003e\n\u003cli\u003edeps: statuses@2.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.14.2 / 2021-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: send@0.17.2\n\u003cul\u003e\n\u003cli\u003edeps: http-errors@1.8.1\u003c/li\u003e\n\u003cli\u003edeps: ms@2.1.3\u003c/li\u003e\n\u003cli\u003epref: ignore empty http tokens\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/9acad22498aa5f95b6e887eae1ab9eae63657d8a\"\u003e\u003ccode\u003e9acad22\u003c/code\u003e\u003c/a\u003e 1.16.3 (\u003ca href=\"https://redirect.github.com/expressjs/serve-static/issues/229\"\u003e#229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/52dc97d9d3a0269266d005b79eeac295d0a5a895\"\u003e\u003ccode\u003e52dc97d\u003c/code\u003e\u003c/a\u003e deps: send@~0.19.1 and upgrade Node.js versions on the CI  (\u003ca href=\"https://redirect.github.com/expressjs/serve-static/issues/227\"\u003e#227\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/ec9c5ecfb09368519e4698ffbbe1882de00d0ef2\"\u003e\u003ccode\u003eec9c5ec\u003c/code\u003e\u003c/a\u003e 1.16.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/f454d37c68fdad04b582cb9ac0cd165ab6d19114\"\u003e\u003ccode\u003ef454d37\u003c/code\u003e\u003c/a\u003e fix(deps): encodeurl@~2.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/77a8255688cc4affc70e6dc9aa02e3ced4957e77\"\u003e\u003ccode\u003e77a8255\u003c/code\u003e\u003c/a\u003e 1.16.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/4263f496876980c165a3104d087c1ebaa046ad3d\"\u003e\u003ccode\u003e4263f49\u003c/code\u003e\u003c/a\u003e fix(deps): send@0.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/48c73970b129b96cba448e792576ad89b1f9fbed\"\u003e\u003ccode\u003e48c7397\u003c/code\u003e\u003c/a\u003e 1.16.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b\"\u003e\u003ccode\u003e0c11fad\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/9b5a12a76f4d70530d2d2a8c7742e9158ed3c0a4\"\u003e\u003ccode\u003e9b5a12a\u003c/code\u003e\u003c/a\u003e 1.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/serve-static/commit/a39a0df51aa31f22b4947ade34fd90b14c7be1ea\"\u003e\u003ccode\u003ea39a0df\u003c/code\u003e\u003c/a\u003e docs: update CI link\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/serve-static/compare/v1.14.1...v1.16.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for serve-static since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.2 to 2.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.5 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes bug when a pattern containing an expression after the closing parenthesis (\u003ccode\u003e/!(*.d).{ts,tsx}\u003c/code\u003e) was incorrectly converted to regexp (\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241ef\"\u003e9f241ef\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSome documentation improvements (\u003ca href=\"https://github.com/micromatch/picomatch/commit/f81d236\"\u003ef81d236\u003c/a\u003e, \u003ca href=\"https://github.com/micromatch/picomatch/commit/421e0e7\"\u003e421e0e7\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5467a5a9638472610de4f30709991b9a56bb5613\"\u003e\u003ccode\u003e5467a5a\u003c/code\u003e\u003c/a\u003e 2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241efedc15a21bcec1edafd43ee773ceb4bc35\"\u003e\u003ccode\u003e9f241ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/102\"\u003e#102\u003c/a\u003e from micromatch/ISSUE-93_incorrect_extglob_expanding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac3cb660ca76764627aa825676df59378dd60bcd\"\u003e\u003ccode\u003eac3cb66\u003c/code\u003e\u003c/a\u003e fix: support stars in negation extglobs with expression after closing parenth...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/719d348d8a01cf23c6c10568191c1ad5a3fc33e3\"\u003e\u003ccode\u003e719d348\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/85\"\u003e#85\u003c/a\u003e from XhmikosR/codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac74e57b38a0d16de8e1752a62003e49c1622cec\"\u003e\u003ccode\u003eac74e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/91\"\u003e#91\u003c/a\u003e from XhmikosR/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.0...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.12.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate dependency versions across the root and 6 example apps to pick up security fixes and minor improvements. Notable changes include `axios` upgrades in the function-calling app and refreshed libraries for globbing and static file serving.\n\n- **Dependencies**\n  - `axios` → `^1.16.0` in `11-integrating-with-function-calling/typescript/function-app` (stricter size limits; adapter fixes). Also bumps `follow-redirects` and `proxy-from-env`.\n  - Globbing stack: `brace-expansion` → `1.1.15`/`2.1.1`, `minimatch` → `3.1.5`/`9.0.9`, `picomatch` → `2.3.2` (addresses ReDoS/CVEs).\n  - `lodash` → `4.18.1` (security and bug fixes).\n  - Static serving: `send` → `0.19.2`, `serve-static` → `1.16.3` (dependency updates incl. `encodeurl@~2.0.0`).\n  - `ansi-regex` → `4.1.1`/`5.0.1` (ReDoS fix).\n  - Minor patches: `@tootallnate/once` → `2.0.1`, `qs` → `6.15.2`.\n\n- **Migration**\n  - If you use the `axios` fetch adapter, `maxBodyLength` and `maxContentLength` are now enforced; adjust limits if needed. Run `npm ci` and smoke test HTTP calls and static file hosting flows.\n\n\u003csup\u003eWritten for commit 2ef687eca2eb0bca18e7def66432cce678f1c1fe. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/generative-ai-for-beginners/pull/2?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump npm dependencies across 6 TypeScript app directories\n\u003e Updates `package-lock.json` files across 6 TypeScript sample apps and bumps `axios` from `^1.12.0` to `^1.16.0` in [function-app/package.json](https://github.com/EmilynnJ/generative-ai-for-beginners/pull/2/files#diff-73386eaaba005f457c749d235af22257ca4ab75e08e7816ed776550549a11add).\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized 2ef687e.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/generative-ai-for-beginners/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fgenerative-ai-for-beginners/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"3.1.2","new_version":"3.1.5","update_type":"patch","path":null,"pr_created_at":"2026-05-30T09:33:35.000Z","version_change":"3.1.2 → 3.1.5","issue":{"uuid":"4553996724","node_id":"PR_kwDOQnoLB87g7I7c","number":1,"state":"open","title":"Bump the npm_and_yarn group across 2 directories with 19 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:33:35.000Z","updated_at":"2026-05-30T09:34:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":19,"packages":[{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"@modelcontextprotocol/sdk","old_version":"1.25.1","new_version":"1.26.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"next","old_version":"16.1.0","new_version":"16.2.6","repository_url":"https://github.com/vercel/next.js"},{"name":"next-intl","old_version":"4.6.1","new_version":"4.9.2","repository_url":"https://github.com/amannn/next-intl"},{"name":"yaml","old_version":"2.8.2","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"defu","old_version":"6.1.4","new_version":"6.1.7","repository_url":"https://github.com/unjs/defu"},{"name":"effect","old_version":"3.18.4","new_version":"3.21.0","repository_url":"https://github.com/Effect-TS/effect"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"5.2.5","new_version":"5.7.3","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 4 updates in the /packages/prompts.chat directory: [picomatch](https://github.com/micromatch/picomatch), [postcss](https://github.com/postcss/postcss), [rollup](https://github.com/rollup/rollup) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 12 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.25.1` | `1.26.0` |\n| [next](https://github.com/vercel/next.js) | `16.1.0` | `16.2.6` |\n| [next-intl](https://github.com/amannn/next-intl) | `4.6.1` | `4.9.2` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.2` | `2.8.3` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [defu](https://github.com/unjs/defu) | `6.1.4` | `6.1.7` |\n| [effect](https://github.com/Effect-TS/effect/tree/HEAD/packages/effect) | `3.18.4` | `3.21.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.2.5` | `5.7.3` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.54.0 to 4.60.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.60.4\u003c/h2\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.2\u003c/h2\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6346\"\u003e#6346\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6347\"\u003e#6347\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6348\"\u003e#6348\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6349\"\u003e#6349\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6350\"\u003e#6350\u003c/a\u003e: fix: reset variable render names between outputs in the same generate (\u003ca href=\"https://github.com/barry3406\"\u003e\u003ccode\u003e@​barry3406\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6351\"\u003e#6351\u003c/a\u003e: chore(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6352\"\u003e#6352\u003c/a\u003e: chore(deps): update cross-platform-actions/action action to v1 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6353\"\u003e#6353\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6354\"\u003e#6354\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6355\"\u003e#6355\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6356\"\u003e#6356\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6358\"\u003e#6358\u003c/a\u003e: chore: remove cross-env from devDeps (\u003ca href=\"https://github.com/K-tecchan\"\u003e\u003ccode\u003e@​K-tecchan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.60.1\u003c/h2\u003e\n\u003ch2\u003e4.60.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/master/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.60.4\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-14\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove stability of chunk hashes (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6362\"\u003e#6362\u003c/a\u003e: fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://github.com/sonukapoor\"\u003e\u003ccode\u003e@​sonukapoor\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Sonu\"\u003e\u003ccode\u003e@​Sonu\u003c/code\u003e\u003c/a\u003e Kapoor, \u003ca href=\"https://github.com/TrickyPi\"\u003e\u003ccode\u003e@​TrickyPi\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6370\"\u003e#6370\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6371\"\u003e#6371\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6372\"\u003e#6372\u003c/a\u003e: chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6373\"\u003e#6373\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6375\"\u003e#6375\u003c/a\u003e: Resolve vulnerabilities (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.60.3\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-05-04\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure nested \u0026quot;exports\u0026quot; variables are not renamed (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6360\"\u003e#6360\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6360\"\u003e#6360\u003c/a\u003e: fix: do not rename nested \u0026quot;exports\u0026quot; bindings that do not conflict (\u003ca href=\"https://github.com/tariqrafique\"\u003e\u003ccode\u003e@​tariqrafique\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6364\"\u003e#6364\u003c/a\u003e: chore(deps): update msys2/setup-msys2 digest to e989830 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6365\"\u003e#6365\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6366\"\u003e#6366\u003c/a\u003e: fix(deps): update swc monorepo (major) (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6367\"\u003e#6367\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6368\"\u003e#6368\u003c/a\u003e: docs: add missing backticks in \u003ccode\u003eplugin-development\u003c/code\u003e (\u003ca href=\"https://github.com/lumirlumir\"\u003e\u003ccode\u003e@​lumirlumir\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.60.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-04-18\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve a variable rendering bug when generating different formats from the same build (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6350\"\u003e#6350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6327\"\u003e#6327\u003c/a\u003e: docs: fix various typos in source and documentation (\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6331\"\u003e#6331\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6332\"\u003e#6332\u003c/a\u003e: chore(deps): update codecov/codecov-action action to v6 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6333\"\u003e#6333\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v64 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6334\"\u003e#6334\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v51 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6335\"\u003e#6335\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d311a84b0bb4d4a6f50d19ffd2c29cca28660c88\"\u003e\u003ccode\u003ed311a84\u003c/code\u003e\u003c/a\u003e 4.60.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/6aa324854482e273b711972955d2d1b3bb445bcc\"\u003e\u003ccode\u003e6aa3248\u003c/code\u003e\u003c/a\u003e fix: stabilize chunk assignment across parallel file reads (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6362\"\u003e#6362\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/82a0fe76b1372a2cf509fc4067d69f25569b83f5\"\u003e\u003ccode\u003e82a0fe7\u003c/code\u003e\u003c/a\u003e Resolve vulnerabilities (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6375\"\u003e#6375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/71f5ebc893d7ff76b5571d63b04ea2ed4a4ddd9d\"\u003e\u003ccode\u003e71f5ebc\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6371\"\u003e#6371\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/af91d778cdf564dd1ae1bfd6e92604ec031824a7\"\u003e\u003ccode\u003eaf91d77\u003c/code\u003e\u003c/a\u003e chore(deps): lock file maintenance (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6373\"\u003e#6373\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/65e7b94ddda9f02334fa8f12ff6bf699c1f07833\"\u003e\u003ccode\u003e65e7b94\u003c/code\u003e\u003c/a\u003e chore(deps): update react monorepo to v19 (major) (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6372\"\u003e#6372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/642587f3d9c5b4aa482a5027672f0fa8ea76da12\"\u003e\u003ccode\u003e642587f\u003c/code\u003e\u003c/a\u003e fix(deps): update minor/patch updates (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6370\"\u003e#6370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/b47bdabeccbb7aa1b1d4117f2f4a781a9f6de297\"\u003e\u003ccode\u003eb47bdab\u003c/code\u003e\u003c/a\u003e 4.60.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/15c5f33083c8c6b1b2cbae548124fffbba2553bb\"\u003e\u003ccode\u003e15c5f33\u003c/code\u003e\u003c/a\u003e Add again some unneeded dev dependencies, to make some builds succeed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/12195dcebbd21f0f2d91e26720cd053526edbfe3\"\u003e\u003ccode\u003e12195dc\u003c/code\u003e\u003c/a\u003e fix: do not rename nested \u0026quot;exports\u0026quot; bindings that do not conflict (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6360\"\u003e#6360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rollup/rollup/compare/v4.54.0...v4.60.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 7.3.0 to 7.3.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.3/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.2...v7.3.3\"\u003e7.3.3\u003c/a\u003e (2026-05-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid destructure lowering for newer safari (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22346\"\u003e#22346\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e5ab51c0\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca31424cccb075c88131132b929a63527d0e2b69\"\u003e\u003ccode\u003eca31424\u003c/code\u003e\u003c/a\u003e release: v7.3.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5ab51c0f76f0896175e02ad797c1f5fe116d02f4\"\u003e\u003ccode\u003e5ab51c0\u003c/code\u003e\u003c/a\u003e fix: avoid destructure lowering for newer safari (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22346\"\u003e#22346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.3/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@modelcontextprotocol/sdk` from 1.25.1 to 1.26.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.26.0\u003c/h2\u003e\n\u003cp\u003eAddresses \u0026quot;Sharing server/transport instances can leak cross-client response data\u0026quot; in this GHSA \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: bump v1.25.3 for backport fixes by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1412\"\u003emodelcontextprotocol/typescript-sdk#1412\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by \u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) by \u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.26.0 by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1479\"\u003emodelcontextprotocol/typescript-sdk#1479\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.25.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v1.x backport] Use correct schema for client sampling validation when tools are present by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1407\"\u003emodelcontextprotocol/typescript-sdk#1407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent Hono from overriding global Response object (v1.x) by \u003ca href=\"https://github.com/mattzcarey\"\u003e\u003ccode\u003e@​mattzcarey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1411\"\u003emodelcontextprotocol/typescript-sdk#1411\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.25.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: trigger workflow on v1.x branch by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1319\"\u003emodelcontextprotocol/typescript-sdk#1319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: README badges links destinations by \u003ca href=\"https://github.com/antonpk1\"\u003e\u003ccode\u003e@​antonpk1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\"\u003emodelcontextprotocol/typescript-sdk#907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1365\"\u003emodelcontextprotocol/typescript-sdk#1365\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antonpk1\"\u003e\u003ccode\u003e@​antonpk1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\"\u003emodelcontextprotocol/typescript-sdk#907\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/fe9c07b465871394c7069207c86513df9c1194a4\"\u003e\u003ccode\u003efe9c07b\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.26.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/4f01e7e0708e1a85ccc7dbf39e850005f2d9ff03\"\u003e\u003ccode\u003e4f01e7e\u003c/code\u003e\u003c/a\u003e fix: add non-null assertions for optional setupServer fields in stateful test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a05be176cabeae1f933b676e3ce024bf02e2314d\"\u003e\u003ccode\u003ea05be17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/50d9fa3cd12e807e7963bcb9e1548786d3d5d941\"\u003e\u003ccode\u003e50d9fa3\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1442\"\u003e#1442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/aa81a66556fb4434d8a6d1b70f7ac9fc40b5d325\"\u003e\u003ccode\u003eaa81a66\u003c/code\u003e\u003c/a\u003e fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6aba0659654e1ff0699844524595922a61e44cb9\"\u003e\u003ccode\u003e6aba065\u003c/code\u003e\u003c/a\u003e chore: bump v1.25.3 for backport fixes (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1412\"\u003e#1412\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6e8f7e1a43a819ae230373c62b82228dafd892c6\"\u003e\u003ccode\u003e6e8f7e1\u003c/code\u003e\u003c/a\u003e fix: prevent Hono from overriding global Response object (v1.x) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1411\"\u003e#1411\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/12ae856cee6ca58499cce24e80f650e78a0c7610\"\u003e\u003ccode\u003e12ae856\u003c/code\u003e\u003c/a\u003e [v1.x backport] Use correct schema for client sampling validation when tools ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/b392f02ffcf37c088dbd114fedf25026ec3913d3\"\u003e\u003ccode\u003eb392f02\u003c/code\u003e\u003c/a\u003e fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1365\"\u003e#1365\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0c9b13484748acab9e5dc8317a7e89c06b52e37\"\u003e\u003ccode\u003ea0c9b13\u003c/code\u003e\u003c/a\u003e fix: README badges links destinations (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/907\"\u003e#907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 16.1.0 to 16.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.6\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains security fixes and backported bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cp\u003eThe following advisories have been addressed:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eHigh:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - \u003cstrong\u003eIncomplete Fix Follow-Up\u003c/strong\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eModerate:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eLow:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve HTTP access fallbacks during prerender recovery (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92231\"\u003e#92231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix fallback route params case in app-page handler (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91737\"\u003e#91737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix invalid HTML response for route-level RSC requests in deployment adapter (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91541\"\u003e#91541\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePatch setHeader for direct route handlers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93101\"\u003e#93101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude deployment id in \u003ccode\u003ecacheHandlers\u003c/code\u003e keys (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93453\"\u003e#93453\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix double-encoding of URL pathname parts in client param parsing (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93491\"\u003e#93491\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev16.2.5\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains security fixes and backported bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eSecurity Fixes\u003c/h3\u003e\n\u003cp\u003eThe following advisories have been addressed:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eHigh:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ee6e79b1792a4d401ddf2480f40a83549fe8e722\"\u003e\u003ccode\u003eee6e79b\u003c/code\u003e\u003c/a\u003e v16.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/afa053d9eb9c2a68c7eba43e84fe6bed8babcd45\"\u003e\u003ccode\u003eafa053d\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/97a154e5bbee0cb1ac3fb8aa4db66ac36e796e3d\"\u003e\u003ccode\u003e97a154e\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/83899bc89103d4df1479e065c7c1e09d4698a7b6\"\u003e\u003ccode\u003e83899bc\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/7b222b90954d607fc28a34e9b360a9b1636bc206\"\u003e\u003ccode\u003e7b222b9\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93595\"\u003e#93595\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/a8dc24f1fe23d4a22d24fac734837f7c824138f7\"\u003e\u003ccode\u003ea8dc24f\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93587\"\u003e#93587\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/766148f9cd48c0e218acafcd0f15defc14871bf4\"\u003e\u003ccode\u003e766148f\u003c/code\u003e\u003c/a\u003e v16.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/0dd94836a8b43209fcfefa448c141683c22c1a27\"\u003e\u003ccode\u003e0dd9483\u003c/code\u003e\u003c/a\u003e fix: add explicit checks for RSC header (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/83\"\u003e#83\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/98\"\u003e#98\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d166096c399c4fc4e09cd2d1bf26dca6579a855d\"\u003e\u003ccode\u003ed166096\u003c/code\u003e\u003c/a\u003e fix proxy matching for segment prefetch URLs (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/89\"\u003e#89\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9d50c0b7190f59c470308578e12882788819f14c\"\u003e\u003ccode\u003e9d50c0b\u003c/code\u003e\u003c/a\u003e Strip next-resume header from incoming requests (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v16.1.0...v16.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next-intl` from 4.6.1 to 4.9.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/amannn/next-intl/releases\"\u003enext-intl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.9.2\u003c/h2\u003e\n\u003ch2\u003e4.9.2 (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrototype safety guards for \u003ccode\u003eprecompile: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2307\"\u003e#2307\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/c0bf0ee42abb38926dee51474a80b9982b3acb2f\"\u003ec0bf0ee\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.9.1\u003c/h2\u003e\n\u003ch2\u003e4.9.1 (2026-04-10)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove middleware pathname validation (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2304\"\u003e#2304\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/1c80b668aa6d853f470319eec10a3f61e78a70e6\"\u003e1c80b66\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.9.0\u003c/h2\u003e\n\u003ch2\u003e4.9.0 (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003etransitionTypes\u003c/code\u003e on \u003ccode\u003eLink\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2302\"\u003e#2302\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/02811f5dd5f31753d742632082874b6e3e3667f6\"\u003e02811f5\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.8.4\u003c/h2\u003e\n\u003ch2\u003e4.8.4 (2026-03-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove TypeScript peer dependency and update examples to TypeScript v6 (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2293\"\u003e#2293\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/5e7bcd743994f8a3ccfd904d7969f4543950cd0a\"\u003e5e7bcd7\u003c/a\u003e) – by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.8.3\u003c/h2\u003e\n\u003ch2\u003e4.8.3 (2026-02-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@formatjs/intl-localematcher\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2265\"\u003e#2265\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/196f1f3093fa629c8379c67ac1f67cf0f4906dc0\"\u003e196f1f3\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.8.2\u003c/h2\u003e\n\u003ch2\u003e4.8.2 (2026-02-02)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid throwing config errors for non-Next.js consumers of \u003ccode\u003enext.config.ts\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2245\"\u003e#2245\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/f57800ecd43ab9ab928a6c3839e24fed68bc6d24\"\u003ef57800e\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.8.1\u003c/h2\u003e\n\u003ch2\u003e4.8.1 (2026-01-30)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eprecompile\u003c/code\u003e alias on Windows (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2237\"\u003e#2237\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/8e7151aec3a5d50ec7b431175fa89739c0238bb5\"\u003e8e7151a\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.8.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/amannn/next-intl/blob/main/CHANGELOG.md\"\u003enext-intl's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.9.2 (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrototype safety guards for \u003ccode\u003eprecompile: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2307\"\u003e#2307\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/c0bf0ee42abb38926dee51474a80b9982b3acb2f\"\u003ec0bf0ee\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.9.1 (2026-04-10)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove middleware pathname validation (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2304\"\u003e#2304\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/1c80b668aa6d853f470319eec10a3f61e78a70e6\"\u003e1c80b66\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.9.0 (2026-04-01)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSupport \u003ccode\u003etransitionTypes\u003c/code\u003e on \u003ccode\u003eLink\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2302\"\u003e#2302\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/02811f5dd5f31753d742632082874b6e3e3667f6\"\u003e02811f5\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.8.4 (2026-03-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove TypeScript peer dependency and update examples to TypeScript v6 (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2293\"\u003e#2293\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/5e7bcd743994f8a3ccfd904d7969f4543950cd0a\"\u003e5e7bcd7\u003c/a\u003e) – by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.8.3 (2026-02-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@formatjs/intl-localematcher\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2265\"\u003e#2265\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/196f1f3093fa629c8379c67ac1f67cf0f4906dc0\"\u003e196f1f3\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.8.2 (2026-02-02)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAvoid throwing config errors for non-Next.js consumers of \u003ccode\u003enext.config.ts\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2245\"\u003e#2245\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/f57800ecd43ab9ab928a6c3839e24fed68bc6d24\"\u003ef57800e\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.8.1 (2026-01-30)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ccode\u003eprecompile\u003c/code\u003e alias on Windows (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2237\"\u003e#2237\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/8e7151aec3a5d50ec7b431175fa89739c0238bb5\"\u003e8e7151a\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.8.0 (2026-01-28)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAhead-of-time compilation for messages (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2220\"\u003e#2220\u003c/a\u003e) (\u003ca href=\"https://github.com/amannn/next-intl/commit/02149c19ee52a581fdc52f3160550bf957256488\"\u003e02149c1\u003c/a\u003e) – by \u003ca href=\"https://github.com/amannn\"\u003e\u003ccode\u003e@​amannn\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.7.0 (2026-01-01)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/e1b18258075017216165735212568c8f795e1660\"\u003e\u003ccode\u003ee1b1825\u003c/code\u003e\u003c/a\u003e v4.9.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/c0bf0ee42abb38926dee51474a80b9982b3acb2f\"\u003e\u003ccode\u003ec0bf0ee\u003c/code\u003e\u003c/a\u003e fix: Prototype safety guards for \u003ccode\u003eprecompile: true\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2307\"\u003e#2307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/b4aa5380c50ad59a80d1dfdbc229590a4e0133a3\"\u003e\u003ccode\u003eb4aa538\u003c/code\u003e\u003c/a\u003e v4.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/1c80b668aa6d853f470319eec10a3f61e78a70e6\"\u003e\u003ccode\u003e1c80b66\u003c/code\u003e\u003c/a\u003e fix: Improve middleware pathname validation (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2304\"\u003e#2304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/b65f8c4e88ad3f2ac8df3443b6cdd66c08c19e60\"\u003e\u003ccode\u003eb65f8c4\u003c/code\u003e\u003c/a\u003e v4.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/02811f5dd5f31753d742632082874b6e3e3667f6\"\u003e\u003ccode\u003e02811f5\u003c/code\u003e\u003c/a\u003e feat: Support \u003ccode\u003etransitionTypes\u003c/code\u003e on \u003ccode\u003eLink\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/amannn/next-intl/issues/2302\"\u003e#2302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/722785bc2d34f38949b8186c0282af88db38c2a5\"\u003e\u003ccode\u003e722785b\u003c/code\u003e\u003c/a\u003e v4.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/5e7bcd743994f8a3ccfd904d7969f4543950cd0a\"\u003e\u003ccode\u003e5e7bcd7\u003c/code\u003e\u003c/a\u003e fix: Remove TypeScript peer dependency and update examples to TypeScript v6 (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/c9d605131259d0533757063822fafb7d3584eca3\"\u003e\u003ccode\u003ec9d6051\u003c/code\u003e\u003c/a\u003e fix: Remove TypeScript peer dependency and update examples to TypeScript v6 (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/amannn/next-intl/commit/5be07b66dfc5842e27decced737ba9b0ab85377f\"\u003e\u003ccode\u003e5be07b6\u003c/code\u003e\u003c/a\u003e fix: Remove TypeScript peer dependency and update examples to TypeScript v6 (...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/amannn/next-intl/compare/v4.6.1...v4.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.2 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.2...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@hono/node-server` from 1.19.7 to 1.19.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e@​hono/node-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/340\"\u003ehonojs/node-server#340\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/309\"\u003ehonojs/node-server#309\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.10\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (\u003ccode\u003e%2F\u003c/code\u003e handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-wc8c-qw6v-h7f6 for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(globals): Stop overwriting global.fetch by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/295\"\u003ehonojs/node-server#295\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-s...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade dependencies across the root app and `packages/prompts.chat` to apply security patches and improve build stability. Highlights: `next` 16.2.6, `@modelcontextprotocol/sdk` 1.26.0, and toolchain bumps (`rollup` 4.60.4, `vite` 7.3.3, `postcss` 8.5.15).\n\n- **Dependencies**\n  - `next` → 16.2.6: addresses multiple RSC, middleware, and image API advisories.\n  - `@modelcontextprotocol/sdk` → 1.26.0: fixes cross-client response leak.\n  - `next-intl` → 4.9.2: middleware pathname validation and prototype safety for precompiled messages.\n  - `picomatch` → 4.0.4/2.3.2: security fixes.\n  - `ajv` → 6.15.0: mitigations for `$data`/regexp exploit and prototype pollution.\n  - `@hono/node-server` → 1.19.14: static middleware bypass fixes and stability tweaks.\n  - `rollup` → 4.60.4, `vite` → 7.3.3, `postcss` → 8.5.15 (in `packages/prompts.chat`): stability and security fixes (chunk hash stability, path traversal, XSS/file read).\n  - Other patches: `yaml` → 2.8.3, `@aws-sdk/client-s3` → 3.1057.0, plus minor indirect bumps (`minimatch`, `defu`, `fast-xml-parser`, `flatted`, etc.).\n\n\u003csup\u003eWritten for commit a4b56a87c068f7a2db8bb174edd4ab80acd820d4. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/Spiritual--chatgpt-prompts/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump npm dependencies across root and `packages/prompts.chat` workspaces\n\u003e Updates 19 packages across two directories, including `@aws-sdk/client-s3` (3.948→3.1057), `@modelcontextprotocol/sdk` (1.24→1.26), `next` (16.0→16.2), `next-intl` (4.5→4.9), and `prisma` (6.19.0→6.19.3). Lockfiles are regenerated to match.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized a4b56a8.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/Spiritual--chatgpt-prompts/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2FSpiritual--chatgpt-prompts/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"3.1.2","new_version":"3.1.5","update_type":"patch","path":null,"pr_created_at":"2026-05-30T09:29:41.000Z","version_change":"3.1.2 → 3.1.5","issue":{"uuid":"4553988597","node_id":"PR_kwDOQXH51s7g7Hd6","number":1,"state":"open","title":"Bump the npm_and_yarn group across 2 directories with 7 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:29:41.000Z","updated_at":"2026-05-30T09:30:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":7,"packages":[{"name":"diff","old_version":"7.0.0","new_version":"9.0.0","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"diff","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"tmp","old_version":"0.2.3","new_version":"0.2.7","repository_url":"https://github.com/raszi/node-tmp"},{"name":"uuid","old_version":"8.3.2","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 7 updates in the /rewrite-javascript/rewrite directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [diff](https://github.com/kpdecker/jsdiff) | `7.0.0` | `9.0.0` |\n| [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.7` |\n| [uuid](https://github.com/uuidjs/uuid) | `8.3.2` | `14.0.0` |\n\nBumps the npm_and_yarn group with 1 update in the /rewrite-javascript/rewrite/.rewrite directory: [diff](https://github.com/kpdecker/jsdiff).\n\nUpdates `diff` from 7.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 4.0.2 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590c6f6\"\u003e\u003ccode\u003e2e46779\u003c/code\u003e\u003c/a\u003e Fix a typo (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/679\"\u003e#679\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dd2f99497703a1540b2ae406b51c49b74b5fc1a1\"\u003e\u003ccode\u003edd2f994\u003c/code\u003e\u003c/a\u003e 8.0.4 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/678\"\u003e#678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/3cc438434db53c5d1c40412b727ea7650f6f145a\"\u003e\u003ccode\u003e3cc4384\u003c/code\u003e\u003c/a\u003e Update docs on releasing to reflect migration to yarn berry (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/6fc2aa6b7672af08774b50aae00d97b99c5b5715\"\u003e\u003ccode\u003e6fc2aa6\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/af7393ac3404565dc8da655c2e7aeeed28c01ff7\"\u003e\u003ccode\u003eaf7393a\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4b5d1800370bf29b61a3378fb8086aeb231d3ef7\"\u003e\u003ccode\u003e4b5d180\u003c/code\u003e\u003c/a\u003e Fix another bug in diffWords's \u0026quot;intlSegmenter\u0026quot; mode (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/667\"\u003e#667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/10da50c466709e7bd4b192dac96af0af46f8b7bd\"\u003e\u003ccode\u003e10da50c\u003c/code\u003e\u003c/a\u003e yarn up '*' \u0026amp;\u0026amp; yarn up -R '**' (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/666\"\u003e#666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/7.0.0...v9.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.6 to 5.1.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.2.3 to 0.2.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8ea1f37d75c67569e0f151448330d52f7babf211\"\u003e\u003ccode\u003e8ea1f37\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153\"\u003e\u003ccode\u003e8f24f78\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/ce787f37aaacccad921ae90990c9da33481fe59c\"\u003e\u003ccode\u003ece787f3\u003c/code\u003e\u003c/a\u003e Reject non-string prefix, postfix, template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/41f71598d03f104a67e0448a7cb9bd4efcdd5980\"\u003e\u003ccode\u003e41f7159\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429\"\u003e\u003ccode\u003eefa4a06\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/7ef2728ce0211b8110b2033dfe62eaf030341acf\"\u003e\u003ccode\u003e7ef2728\u003c/code\u003e\u003c/a\u003e Check for relative values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.2.3...v0.2.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 8.3.2 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v8.3.2...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 7.0.0 to 8.0.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.0.0\u003c/h2\u003e\n\u003cp\u003e(All changes part of PR \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/672\"\u003e#672\u003c/a\u003e.)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eES5 support is dropped\u003c/strong\u003e. \u003ccode\u003eparsePatch\u003c/code\u003e now uses \u003ccode\u003eTextDecoder\u003c/code\u003e and \u003ccode\u003eUint8Array\u003c/code\u003e, which are not available in ES5, and TypeScript is now compiled with the \u0026quot;es6\u0026quot; \u003ccode\u003etarget\u003c/code\u003e. From now on, I intend to freely use any features that are deemed \u0026quot;Widely available\u0026quot; by \u003ca href=\"https://web.dev/baseline\"\u003eBaseline\u003c/a\u003e. Users who need ES5 support should stick to version 8.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eC-style quoted strings in filename headers are now properly supported\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eWhen the name of either the old or new file in a patch contains \u0026quot;special characters\u0026quot;, both GNU \u003ccode\u003ediff\u003c/code\u003e and Git quote the filename in the patch's headers and escape special characters using the same escape sequences that are used in string literals in C, including octal escapes for all non-ASCII characters. Previously, jsdiff had very little support for this; \u003ccode\u003eparsePatch\u003c/code\u003e would remove the quotes, and unescape any escaped backslashes, but would not unescape other escape sequences. \u003ccode\u003eformatPatch\u003c/code\u003e, meanwhile, did not quote or escape special characters at all.\u003c/p\u003e\n\u003cp\u003eNow, \u003ccode\u003eparsePatch\u003c/code\u003e parses all the possible escape sequences that GNU diff (or Git) ever output, and \u003ccode\u003eformatPatch\u003c/code\u003e quotes and escapes filenames containing special characters in the same way GNU diff does.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now omits file headers when \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e in the provided patch object are \u003ccode\u003eundefined\u003c/code\u003e\u003c/strong\u003e, regardless of the \u003ccode\u003eheaderOptions\u003c/code\u003e parameter. (Previously, it would treat the absence of \u003ccode\u003eoldFileName\u003c/code\u003e or \u003ccode\u003enewFileName\u003c/code\u003e as indicating the filename was the word \u0026quot;undefined\u0026quot; and emit headers \u003ccode\u003e--- undefined\u003c/code\u003e / \u003ccode\u003e+++ undefined\u003c/code\u003e.)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer outputs trailing tab characters at the end of \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e headers.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003ePreviously, if \u003ccode\u003eformatPatch\u003c/code\u003e was passed a patch object to serialize that had empty strings for the \u003ccode\u003eoldHeader\u003c/code\u003e or \u003ccode\u003enewHeader\u003c/code\u003e property, it would include a trailing tab character after the filename in the \u003ccode\u003e---\u003c/code\u003e and/or \u003ccode\u003e+++\u003c/code\u003e file header. Now, this scenario is treated the same as when \u003ccode\u003eoldHeader\u003c/code\u003e/\u003ccode\u003enewHeader\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e - i.e. the trailing tab is omitted.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eformatPatch\u003c/code\u003e no longer mutates its input\u003c/strong\u003e when serializing a patch containing a hunk where either the old or new content contained zero lines. (Such a hunk occurs only when the hunk has no context lines and represents a pure insertion or pure deletion, which for instance will occur whenever one of the two files being diffed is completely empty.) Previously \u003ccode\u003eformatPatch\u003c/code\u003e would provide the correct output but also mutate the \u003ccode\u003eoldLines\u003c/code\u003e or \u003ccode\u003enewLines\u003c/code\u003e property on the hunk, changing the meaning of the underlying patch.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eGit-style patches are now supported by \u003ccode\u003eparsePatch\u003c/code\u003e, \u003ccode\u003eformatPatch\u003c/code\u003e, and \u003ccode\u003ereversePatch\u003c/code\u003e\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003ePatches output by \u003ccode\u003egit diff\u003c/code\u003e can include some features that are unlike those output by GNU \u003ccode\u003ediff\u003c/code\u003e, and therefore not handled by an ordinary unified diff format parser. An ordinary diff simply describes the differences between the \u003cem\u003econtent\u003c/em\u003e of two files, but Git diffs can also indicate, via \u0026quot;extended headers\u0026quot;, the creation or deletion of (potentially empty) files, indicate that a file was renamed, and contain information about file mode changes. Furthermore, when these changes appear in a diff in the absence of a content change (e.g. when an empty file is created, or a file is renamed without content changes), the patch will contain no associated \u003ccode\u003e---\u003c/code\u003e/\u003ccode\u003e+++\u003c/code\u003e file headers nor any hunks.\u003c/p\u003e\n\u003cp\u003ejsdiff previously did not support parsing Git's extended headers, nor hunkless patches. Now \u003ccode\u003eparsePatch\u003c/code\u003e parses some of the extended headers, parses hunkless Git patches, and can determine filenames (e.g. from the extended headers) when parsing a patch that includes no \u003ccode\u003e---\u003c/code\u003e or \u003ccode\u003e+++\u003c/code\u003e file headers. The additional information conveyed by the extended headers we support is recorded on new fields on the result object returned by \u003ccode\u003eparsePatch\u003c/code\u003e. See \u003ccode\u003eisGit\u003c/code\u003e and subsequent properties in the docs in the README.md file.\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003eformatPatch\u003c/code\u003e now outputs extended headers based on these new Git-specific properties, and \u003ccode\u003ereversePatch\u003c/code\u003e respects them as far as possible (with one unavoidable caveat noted in the README.md file).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eUnpaired file headers now cause \u003ccode\u003eparsePatch\u003c/code\u003e to throw\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eIt remains acceptable to have a patch with no file headers whatsoever (e.g. one that begins with a \u003ccode\u003e@@\u003c/code\u003e hunk header on the very first line), but a patch with \u003cem\u003eonly\u003c/em\u003e a \u003ccode\u003e---\u003c/code\u003e header or only a \u003ccode\u003e+++\u003c/code\u003e header is now considered an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003eparsePatch\u003c/code\u003e is now more tolerant of \u0026quot;trailing garbage\u0026quot;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThat is: after a patch, or between files/indexes in a patch, it is now acceptable to have arbitrary lines of \u0026quot;garbage\u0026quot; (so long as they unambiguously have no syntactic meaning - e.g. trailing garbage that leads with a \u003ccode\u003e+\u003c/code\u003e, \u003ccode\u003e-\u003c/code\u003e, or \u003ccode\u003e \u003c/code\u003e and thus is interpretable as part of a hunk still triggers a throw).\u003c/p\u003e\n\u003cp\u003eThis means we no longer reject patches output by tools that include extra data in \u0026quot;garbage\u0026quot; lines not understood by generic unified diff parsers. (For example, SVN patches can include \u0026quot;Property changes on:\u0026quot; lines that generic unified diff parsers should discard as garbage; jsdiff previously threw errors when encountering them.)\u003c/p\u003e\n\u003cp\u003eThis change brings jsdiff's behaviour more in line with GNU \u003ccode\u003epatch\u003c/code\u003e, which is highly permissive of \u0026quot;garbage\u0026quot;.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThe \u003ccode\u003eoldFileName\u003c/code\u003e and \u003ccode\u003enewFileName\u003c/code\u003e fields of \u003ccode\u003eStructuredPatch\u003c/code\u003e are now typed as \u003ccode\u003estring | undefined\u003c/code\u003e instead of \u003ccode\u003estring\u003c/code\u003e\u003c/strong\u003e. This type change reflects the (pre-existing) reality that \u003ccode\u003eparsePatch\u003c/code\u003e can produce patches without filenames (e.g. when parsing a patch that simply contains hunks with no file headers).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/667\"\u003e#667\u003c/a\u003e - \u003cstrong\u003efix another bug in \u003ccode\u003ediffWords\u003c/code\u003e when used with an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e\u003c/strong\u003e. If the text to be diffed included a combining mark after a whitespace character (i.e. roughly speaking, an accented space), \u003ccode\u003ediffWords\u003c/code\u003e would previously crash. Now this case is handled correctly.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/631\"\u003e#631\u003c/a\u003e - \u003cstrong\u003efix support for using an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e with \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e. This has been almost completely broken since the feature was added in v6.0.0, since it would outright crash on any text that featured two consecutive newlines between a pair of words (a very common case).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/635\"\u003e#635\u003c/a\u003e - \u003cstrong\u003esmall tweaks to tokenization behaviour of \u003ccode\u003ediffWords\u003c/code\u003e\u003c/strong\u003e when used \u003cem\u003ewithout\u003c/em\u003e an \u003ccode\u003eIntl.Segmenter\u003c/code\u003e. Specifically, the soft hyphen (U+00AD) is no longer considered to be a word break, and the multiplication and division signs (\u003ccode\u003e×\u003c/code\u003e and \u003ccode\u003e÷\u003c/code\u003e) are now treated as punctuation instead of as letters / word characters.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/ed13aca03aa25735fafc0645d1185e7a1c68fd8c\"\u003e\u003ccode\u003eed13aca\u003c/code\u003e\u003c/a\u003e Update version in package.json and in release notes (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/683\"\u003e#683\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/7a49317b503a932b88fc72ad9c57a481df038e24\"\u003e\u003ccode\u003e7a49317\u003c/code\u003e\u003c/a\u003e Bump dependencies again (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/682\"\u003e#682\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/afe5aecad189c9f5941ad3feb3c94c46b32ecb0a\"\u003e\u003ccode\u003eafe5aec\u003c/code\u003e\u003c/a\u003e Add Git support, and otherwise variously improve \u0026amp; fix parsePatch (and other ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/2e46779d8866ce7da1303a03db33ed038590...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate dependencies in rewrite-javascript to address security advisories and align with newer runtime requirements. Key upgrades include `diff` to 9.0.0, `picomatch` to 4.0.4, `lodash` to 4.18.1, and `uuid` to 14.0.0.\n\n- **Dependencies**\n  - Major: `diff` 7→9 (ES5 dropped, Git-style patch support, stricter parsing), `uuid` 8→14 (requires Node 20+), `jest-junit` 16→17 (Node 20+).\n  - Security/patch bumps: `picomatch` 4.0.4, `minimatch` 3.1.5/5.1.9, `js-yaml` 3.14.2, `lodash` 4.18.1, `tmp` 0.2.7.\n  - Tooling (.rewrite): `@openrewrite/recipes-npm` ^0.3.0 and `diff` 8.0.4.\n\n- **Migration**\n  - Ensure CI and local dev use Node 20+ (required by `uuid` 14 and `jest-junit` 17).\n  - If code relies on legacy `diff` parsing/formatting, re-run tests to catch behavior changes.\n\n\u003csup\u003eWritten for commit c6415b32f18733378eea66e1d48920454e5aacae. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/rewrite/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump `diff`, `jest-junit`, and `@openrewrite/recipes-npm` npm dependencies\n\u003e - Updates `diff` from `^7.0.0` to `^9.0.0` and `jest-junit` from `^16.0.0` to `^17.0.0` in [rewrite-javascript/rewrite/package.json](https://github.com/EmilynnJ/rewrite/pull/1/files#diff-dea5a34188cebd1bad49b0b122a0d15cc6ca27bb7bc6938597c533ac08f01ea0)\n\u003e - Updates `@openrewrite/recipes-npm` from `^0.1.9` to `^0.3.0` in [rewrite-javascript/rewrite/.rewrite/package.json](https://github.com/EmilynnJ/rewrite/pull/1/files#diff-19749b9e1aaded809330d96c1b07992926a87e7e6c7f8bbb8caa43149ceabeaf)\n\u003e - Lockfiles are updated accordingly in both directories\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized c6415b3.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/rewrite/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Frewrite/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"3.1.2","new_version":"3.1.5","update_type":"patch","path":null,"pr_created_at":"2026-05-30T00:45:11.000Z","version_change":"3.1.2 → 3.1.5","issue":{"uuid":"4552542338","node_id":"PR_kwDOB6BcMc7g2kM3","number":745,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 19 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T00:45:11.000Z","updated_at":"2026-05-30T00:46:04.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":19,"packages":[{"name":"axios","old_version":"1.7.2","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"axios","old_version":"1.12.0","new_version":"1.16.1","repository_url":"https://github.com/axios/axios"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"next","old_version":"15.5.9","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"qs","old_version":"6.10.4","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"validator","old_version":"13.0.0","new_version":"13.15.22","repository_url":"https://github.com/validatorjs/validator.js"},{"name":"sanitize-html","old_version":"2.17.3","new_version":"2.17.4","repository_url":"https://github.com/apostrophecms/apostrophe"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"uuid","old_version":"9.0.1","new_version":"removed","repository_url":"https://github.com/uuidjs/uuid"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"i18next-fs-backend","old_version":"1.2.0","new_version":"removed","repository_url":"https://github.com/i18next/i18next-fs-backend"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"protobufjs","old_version":"7.5.4","new_version":"7.6.1","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"tar-fs","old_version":"2.1.3","new_version":"2.1.4","repository_url":"https://github.com/mafintosh/tar-fs"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.7.2` | `1.16.1` |\n| [axios](https://github.com/axios/axios) | `1.12.0` | `1.16.1` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [next](https://github.com/vercel/next.js) | `15.5.9` | `15.5.18` |\n| [qs](https://github.com/ljharb/qs) | `6.10.4` | `6.15.2` |\n| [validator](https://github.com/validatorjs/validator.js) | `13.0.0` | `13.15.22` |\n| [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) | `2.17.3` | `2.17.4` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `removed` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [i18next-fs-backend](https://github.com/i18next/i18next-fs-backend) | `1.2.0` | `removed` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.6.1` |\n| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.3` | `2.1.4` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n\n\nUpdates `axios` from 1.7.2 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.2...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.12.0 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.1 — May 13, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a defence-in-depth fix for prototype pollution in \u003ccode\u003eformDataToJSON\u003c/code\u003e, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Defence-in-Depth:\u003c/strong\u003e Hardened \u003ccode\u003eformDataToJSON\u003c/code\u003e against already-polluted \u003ccode\u003eObject.prototype\u003c/code\u003e by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Cleartext Leak:\u003c/strong\u003e Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCI Cache Removal:\u003c/strong\u003e Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eData URI Parsing:\u003c/strong\u003e Updated the \u003ccode\u003efromDataURI\u003c/code\u003e regex to match RFC 2397 more strictly, fixing edge cases in \u003ccode\u003edata:\u003c/code\u003e URL handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnicode Headers:\u003c/strong\u003e Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10850\"\u003e#10850\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Upload Progress:\u003c/strong\u003e Guarded against malformed \u003ccode\u003eProgressEvent\u003c/code\u003e payloads emitted by some environments during XHR upload, preventing crashes when \u003ccode\u003eloaded\u003c/code\u003e / \u003ccode\u003etotal\u003c/code\u003e are missing or invalid. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWebpack 4 Fetch Adapter:\u003c/strong\u003e Fixed an \u0026quot;unexpected token\u0026quot; error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10864\"\u003e#10864\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eType Definitions:\u003c/strong\u003e Made \u003ccode\u003eparseReviver\u003c/code\u003e \u003ccode\u003econtext.source\u003c/code\u003e optional in the type definitions to align with the ES2023 specification. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10837\"\u003e#10837\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eURL Object Support Reverted:\u003c/strong\u003e Reverted the change that allowed passing a \u003ccode\u003eURL\u003c/code\u003e object as \u003ccode\u003econfig.url\u003c/code\u003e (originally \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCycle Detection Refactor:\u003c/strong\u003e Replaced the array-based cycle tracker in \u003ccode\u003etoJSONObject\u003c/code\u003e with a \u003ccode\u003eWeakSet\u003c/code\u003e, improving performance and memory behaviour on large nested structures. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10832\"\u003e#10832\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecomposeSignals Cleanup:\u003c/strong\u003e Refactored \u003ccode\u003ecomposeSignals\u003c/code\u003e to use a clearer early-return structure, simplifying the cancellation/abort composition path. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10844\"\u003e#10844\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAI Readiness \u0026amp; Repo Docs:\u003c/strong\u003e Added \u003ccode\u003eAGENTS.md\u003c/code\u003e and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10835\"\u003e#10835\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10841\"\u003e#10841\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs Improvements:\u003c/strong\u003e Clarified the GET request example, fixed the interceptor \u003ccode\u003eeject\u003c/code\u003e example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSponsorship Tooling:\u003c/strong\u003e Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10843\"\u003e#10843\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10859\"\u003e#10859\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003e@commitlint/cli\u003c/code\u003e from 20.5.0 to 20.5.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10846\"\u003e#10846\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/hpinmetaverse\"\u003e\u003ccode\u003e@​hpinmetaverse\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10836\"\u003e#10836\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/tommyhgunz14\"\u003e\u003ccode\u003e@​tommyhgunz14\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7413\"\u003e#7413\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10829\"\u003e#10829\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/divyanshuraj1095\"\u003e\u003ccode\u003e@​divyanshuraj1095\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10853\"\u003e#10853\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/sagodi97\"\u003e\u003ccode\u003e@​sagodi97\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10856\"\u003e#10856\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/rkdfx\"\u003e\u003ccode\u003e@​rkdfx\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Liuwei1125\"\u003e\u003ccode\u003e@​Liuwei1125\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.16.0...v1.16.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197\"\u003e\u003ccode\u003e1337d6b\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10877\"\u003e#10877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e\"\u003e\u003ccode\u003e858a790\u003c/code\u003e\u003c/a\u003e fix: remove all caches (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10882\"\u003e#10882\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa\"\u003e\u003ccode\u003e34adfd9\u003c/code\u003e\u003c/a\u003e revert: \u0026quot;fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10874\"\u003e#10874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f\"\u003e\u003ccode\u003e847d89b\u003c/code\u003e\u003c/a\u003e fix: support URL object as config.url input (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10866\"\u003e#10866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212\"\u003e\u003ccode\u003e4094886\u003c/code\u003e\u003c/a\u003e fix(progress): guard malformed XHR upload events (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10868\"\u003e#10868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7\"\u003e\u003ccode\u003e44f0c5b\u003c/code\u003e\u003c/a\u003e chore: change sponsorship link and add Twicsy advertisement (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10869\"\u003e#10869\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6\"\u003e\u003ccode\u003e64e1095\u003c/code\u003e\u003c/a\u003e chore: update PR and issue template to use h2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10865\"\u003e#10865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280\"\u003e\u003ccode\u003e3e6b4e1\u003c/code\u003e\u003c/a\u003e fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129\"\u003e\u003ccode\u003ec4453ba\u003c/code\u003e\u003c/a\u003e fix: add the ability to add additional sponsors to the process sponsors scrip...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793\"\u003e\u003ccode\u003ecaa00a9\u003c/code\u003e\u003c/a\u003e fix: https data in cleartext to proxy (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10858\"\u003e#10858\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.2...v1.16.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 15.5.9 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.5.9...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.10.4 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.10.4...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `validator` from 13.0.0 to 13.15.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/validatorjs/validator.js/releases\"\u003evalidator's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e13.15.22\u003c/h2\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2622\"\u003e#2622\u003c/a\u003e \u003ccode\u003eisURL\u003c/code\u003e: fix regression with hostnames with ports \u003ca href=\"https://github.com/mbtools\"\u003e\u003ccode\u003e@​mbtools\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2616\"\u003e#2616\u003c/a\u003e \u003ccode\u003eisLength\u003c/code\u003e: improve handling Unicode variation selectors \u003ca href=\"https://github.com/koral\"\u003e\u003ccode\u003e@​koral\u003c/code\u003e\u003c/a\u003e--\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2621\"\u003e#2621\u003c/a\u003e \u003ca href=\"https://github.com/mbtools\"\u003e\u003ccode\u003e@​mbtools\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mbtools\"\u003e\u003ccode\u003e@​mbtools\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2622\"\u003evalidatorjs/validator.js#2622\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koral\"\u003e\u003ccode\u003e@​koral\u003c/code\u003e\u003c/a\u003e-- made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2616\"\u003evalidatorjs/validator.js#2616\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/validatorjs/validator.js/compare/13.15.20...13.15.22\"\u003ehttps://github.com/validatorjs/validator.js/compare/13.15.20...13.15.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e13.15.20\u003c/h2\u003e\n\u003ch3\u003eFixes, New Locales and Enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2556\"\u003e#2556\u003c/a\u003e \u003ccode\u003eisMobilePhone\u003c/code\u003e: add \u003ccode\u003ear-QA\u003c/code\u003e locale \u003ca href=\"https://github.com/WardKhaddour\"\u003e\u003ccode\u003e@​WardKhaddour\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2576\"\u003e#2576\u003c/a\u003e \u003ccode\u003eisAlpha\u003c/code\u003e/\u003ccode\u003eisAlphanuneric\u003c/code\u003e: add Indic locales (\u003ccode\u003eta-IN\u003c/code\u003e, \u003ccode\u003ete-IN\u003c/code\u003e, \u003ccode\u003ekn-IN\u003c/code\u003e, \u003ccode\u003eml-IN\u003c/code\u003e, \u003ccode\u003egu-IN\u003c/code\u003e, \u003ccode\u003epa-IN\u003c/code\u003e, \u003ccode\u003eor-IN\u003c/code\u003e) \u003ca href=\"https://github.com/avadootharajesh\"\u003e\u003ccode\u003e@​avadootharajesh\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2574\"\u003e#2574\u003c/a\u003e \u003ccode\u003eisBase64\u003c/code\u003e: improve padding regex \u003ca href=\"https://github.com/KrayzeeKev\"\u003e\u003ccode\u003e@​KrayzeeKev\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2584\"\u003e#2584\u003c/a\u003e \u003ccode\u003eisVAT\u003c/code\u003e: improve \u003ccode\u003eFR\u003c/code\u003e locale \u003ca href=\"https://github.com/iamAmer\"\u003e\u003ccode\u003e@​iamAmer\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2608\"\u003e#2608\u003c/a\u003e \u003ccode\u003eisURL\u003c/code\u003e: improve protocol detection. Resolves CVE-2025-56200 \u003ca href=\"https://github.com/theofidry\"\u003e\u003ccode\u003e@​theofidry\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDoc fixes and others:\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2563\"\u003e#2563\u003c/a\u003e \u003ca href=\"https://github.com/stoneLeaf\"\u003e\u003ccode\u003e@​stoneLeaf\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2581\"\u003e#2581\u003c/a\u003e \u003ca href=\"https://github.com/camillobruni\"\u003e\u003ccode\u003e@​camillobruni\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/stoneLeaf\"\u003e\u003ccode\u003e@​stoneLeaf\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2563\"\u003evalidatorjs/validator.js#2563\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WardKhaddour\"\u003e\u003ccode\u003e@​WardKhaddour\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2556\"\u003evalidatorjs/validator.js#2556\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/avadootharajesh\"\u003e\u003ccode\u003e@​avadootharajesh\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/validatorjs/validator.js/pull/2576\"\u003evalidatorjs/validator.js#2576\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/KrayzeeKev\"\u003e\u003ccode\u003e@​KrayzeeKev\u003c/code\u003e\u003c/a\u003e made their first contributi...\n\n_Description has been truncated_","html_url":"https://github.com/NYPL/nypl-library-card-app/pull/745","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NYPL%2Fnypl-library-card-app/issues/745","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/745/packages"}},{"old_version":"3.1.2","new_version":"3.1.5","update_type":"patch","path":null,"pr_created_at":"2026-05-29T23:01:26.000Z","version_change":"3.1.2 → 3.1.5","issue":{"uuid":"4552143701","node_id":"PR_kwDOBxbanc7g1STz","number":155,"state":"closed","title":"Bump minimatch","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-29T23:13:22.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-29T23:01:26.000Z","updated_at":"2026-05-30T01:03:45.000Z","time_to_close":716,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"}],"path":null,"ecosystem":"npm"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps  and [minimatch](https://github.com/isaacs/minimatch). These dependencies needed to be updated together.\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.3 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Mechazawa/minidrone-js/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Mechazawa/minidrone-js/pull/155","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mechazawa%2Fminidrone-js/issues/155","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/155/packages"}},{"old_version":"3.1.2","new_version":"3.1.5","update_type":"patch","path":null,"pr_created_at":"2026-05-29T20:38:54.000Z","version_change":"3.1.2 → 3.1.5","issue":{"uuid":"4551480216","node_id":"PR_kwDOOfZVoc7gzJEk","number":1,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 13 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-29T20:38:54.000Z","updated_at":"2026-05-29T20:40:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":13,"packages":[{"name":"axios","old_version":"1.6.8","new_version":"1.16.0","repository_url":"https://github.com/axios/axios"},{"name":"next","old_version":"15.1.1","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"nodemailer","old_version":"6.9.15","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"},{"name":"postcss","old_version":"8.4.31","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"braces","old_version":"3.0.2","new_version":"3.0.3","repository_url":"https://github.com/micromatch/braces"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.2","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"immutable","old_version":"4.3.4","new_version":"4.3.8","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.6.8` | `1.16.0` |\n| [next](https://github.com/vercel/next.js) | `15.1.1` | `15.5.18` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `6.9.15` | `8.0.5` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.5.15` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.2` | `3.4.2` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.3.4` | `4.3.8` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `axios` from 1.6.8 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc\"\u003e\u003ccode\u003edf53d7d\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e\"\u003e\u003ccode\u003e9d92bcd\u003c/code\u003e\u003c/a\u003e fix: gadgets and smaller issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435\"\u003e\u003ccode\u003e5107ee6\u003c/code\u003e\u003c/a\u003e fix: prevent undefined error codes in settle (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8\"\u003e\u003ccode\u003ee573499\u003c/code\u003e\u003c/a\u003e fix(fetch): defer global access in fetch adapter (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3\"\u003e\u003ccode\u003ead68e1a\u003c/code\u003e\u003c/a\u003e fix(http): honor timeout during connect without redirects (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d\"\u003e\u003ccode\u003e2a51828\u003c/code\u003e\u003c/a\u003e fix(http): decode URL basic auth credentials (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1\"\u003e\u003ccode\u003e0e8b6bb\u003c/code\u003e\u003c/a\u003e fix(http): preserve user-supplied Host header when forwarding through a proxy...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b\"\u003e\u003ccode\u003e79f39e1\u003c/code\u003e\u003c/a\u003e docs: document paramsSerializer.encode for strict RFC 3986 query encoding (\u003ca href=\"https://redirect.github.com/axios/axios/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e\"\u003e\u003ccode\u003e0fe3a5f\u003c/code\u003e\u003c/a\u003e [Docs/Types] Update \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions for ES2023 and add ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d\"\u003e\u003ccode\u003ecd6737f\u003c/code\u003e\u003c/a\u003e chore: matches the sibling responseStream.on(aborted) handler and added tests...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.6.8...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 15.1.1 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.1.1...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nodemailer` from 6.9.15 to 8.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/releases\"\u003enodemailer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.3...v8.0.4\"\u003e8.0.4\u003c/a\u003e (2026-03-25)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esanitize envelope size to prevent SMTP command injection (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651\"\u003e2d7b971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.2...v8.0.3\"\u003e8.0.3\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclean up addressparser and fix group name fallback producing undefined (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/9d55877f8ed15a6aefd7ba76cbb6b6a6cdbcc4fd\"\u003e9d55877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix cookie bugs, remove dead code, and improve hot-path efficiency (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524\"\u003ee8c8b92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor smtp-connection for clarity and add Node.js 6 syntax compat test (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c5b48ea61c28eabf347972f4198a12cdab226ff7\"\u003ec5b48ea\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove familySupportCache that broke DNS resolution tests (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa\"\u003ec803d90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.1...v8.0.2\"\u003e8.0.2\u003c/a\u003e (2026-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emerge fragmented display names with unquoted commas in addressparser (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/fe27f7fd57f7587d897274438da2f628ad0ad7d9\"\u003efe27f7f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.0...v8.0.1\"\u003e8.0.1\u003c/a\u003e (2026-02-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/7f8dde41438c66b8311e888fa5f8c518fcaba6f1\"\u003e7f8dde4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/381f628d55e62bb3131bd2a452fa1ce00bc48aea\"\u003e381f628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Gmail Workspace service configuration (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1787\"\u003e#1787\u003c/a\u003e) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/dc97ede417b3030b311771541b1f17f5ca76bcbf\"\u003edc97ede\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v7.0.13...v8.0.0\"\u003e8.0.0\u003c/a\u003e (2026-02-04)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md\"\u003enodemailer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.3...v8.0.4\"\u003e8.0.4\u003c/a\u003e (2026-03-25)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003esanitize envelope size to prevent SMTP command injection (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651\"\u003e2d7b971\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.2...v8.0.3\"\u003e8.0.3\u003c/a\u003e (2026-03-18)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclean up addressparser and fix group name fallback producing undefined (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/9d55877f8ed15a6aefd7ba76cbb6b6a6cdbcc4fd\"\u003e9d55877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix cookie bugs, remove dead code, and improve hot-path efficiency (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524\"\u003ee8c8b92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erefactor smtp-connection for clarity and add Node.js 6 syntax compat test (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c5b48ea61c28eabf347972f4198a12cdab226ff7\"\u003ec5b48ea\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove familySupportCache that broke DNS resolution tests (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa\"\u003ec803d90\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.1...v8.0.2\"\u003e8.0.2\u003c/a\u003e (2026-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emerge fragmented display names with unquoted commas in addressparser (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/fe27f7fd57f7587d897274438da2f628ad0ad7d9\"\u003efe27f7f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.0...v8.0.1\"\u003e8.0.1\u003c/a\u003e (2026-02-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/7f8dde41438c66b8311e888fa5f8c518fcaba6f1\"\u003e7f8dde4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eabsorb TLS errors during socket teardown (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/381f628d55e62bb3131bd2a452fa1ce00bc48aea\"\u003e381f628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd Gmail Workspace service configuration (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1787\"\u003e#1787\u003c/a\u003e) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/dc97ede417b3030b311771541b1f17f5ca76bcbf\"\u003edc97ede\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v7.0.13...v8.0.0\"\u003e8.0.0\u003c/a\u003e (2026-02-04)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eError code 'NoAuth' renamed to 'ENOAUTH'\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/202cfb3e14010223204e9ba9f7430176be624f0f\"\u003e\u003ccode\u003e202cfb3\u003c/code\u003e\u003c/a\u003e chore(master): release 8.0.5 (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1809\"\u003e#1809\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/b634abf05959edcc7207cdaba2c6541f92994cbb\"\u003e\u003ccode\u003eb634abf\u003c/code\u003e\u003c/a\u003e docs: add CLAUDE.md with project conventions and release process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e\u003ccode\u003e95876b1\u003c/code\u003e\u003c/a\u003e fix: decode SMTP server responses as UTF-8 at line boundary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e\u003ccode\u003e0a43876\u003c/code\u003e\u003c/a\u003e fix: sanitize CRLF in transport name option to prevent SMTP command injection...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/08e59e64d0f8595fa535f07061787e0946372657\"\u003e\u003ccode\u003e08e59e6\u003c/code\u003e\u003c/a\u003e chore: update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/2d319753c34d2f0ced24d8eb1d7d866d965f59f4\"\u003e\u003ccode\u003e2d31975\u003c/code\u003e\u003c/a\u003e chore(master): release 8.0.4 (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1806\"\u003e#1806\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651\"\u003e\u003ccode\u003e2d7b971\u003c/code\u003e\u003c/a\u003e fix: sanitize envelope size to prevent SMTP command injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/4e702e97650aaff442a7bc040957ba9c53c614b8\"\u003e\u003ccode\u003e4e702e9\u003c/code\u003e\u003c/a\u003e chore(master): release 8.0.3 (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1804\"\u003e#1804\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/c803d901f195a21edbb2c276b2e116564467aaaa\"\u003e\u003ccode\u003ec803d90\u003c/code\u003e\u003c/a\u003e fix: remove familySupportCache that broke DNS resolution tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/e8c8b92f46f2a82d06d49cc9a6ffc26067f68524\"\u003e\u003ccode\u003ee8c8b92\u003c/code\u003e\u003c/a\u003e fix: fix cookie bugs, remove dead code, and improve hot-path efficiency\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v6.9.15...v8.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for nodemailer since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.31 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.31...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `braces` from 3.0.2 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/74b2db2938fad48a2ea54a9c8bf27a37a62c350d\"\u003e\u003ccode\u003e74b2db2\u003c/code\u003e\u003c/a\u003e 3.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/88f1429a0f47e1dd3813de35211fc97ffda27f9e\"\u003e\u003ccode\u003e88f1429\u003c/code\u003e\u003c/a\u003e update eslint. lint, fix unit tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff\"\u003e\u003ccode\u003e415d660\u003c/code\u003e\u003c/a\u003e Snyk js braces 6838727 (\u003ca href=\"https://redirect.github.com/micromatch/braces/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/190510f79db1adf21d92798b0bb6fccc1f72c9d6\"\u003e\u003ccode\u003e190510f\u003c/code\u003e\u003c/a\u003e fix tests, skip 1 test in test/braces.expand\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/716eb9f12d820b145a831ad678618731927e8856\"\u003e\u003ccode\u003e716eb9f\u003c/code\u003e\u003c/a\u003e readme bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/a5851e57f45c3431a94d83fc565754bc10f5bbc3\"\u003e\u003ccode\u003ea5851e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/braces/issues/37\"\u003e#37\u003c/a\u003e from coderaiser/fix/vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/2092bd1fb108d2c59bd62e243b70ad98db961538\"\u003e\u003ccode\u003e2092bd1\u003c/code\u003e\u003c/a\u003e feature: braces: add maxSymbols (\u003ca href=\"https://github.com/micromatch/braces/issues/\"\u003ehttps://github.com/micromatch/braces/issues/\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3\"\u003e\u003ccode\u003e9f5b4cf\u003c/code\u003e\u003c/a\u003e fix: vulnerability (\u003ca href=\"https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727\"\u003ehttps://security.snyk.io/vuln/SNYK-JS-BRACES-6838727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/98414f9f1fabe021736e26836d8306d5de747e0d\"\u003e\u003ccode\u003e98414f9\u003c/code\u003e\u003c/a\u003e remove funding file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/665ab5d561c017a38ba7aafd92cc6655b91d8c14\"\u003e\u003ccode\u003e665ab5d\u003c/code\u003e\u003c/a\u003e update keepEscaping doc (\u003ca href=\"https://redirect.github.com/micromatch/braces/issues/27\"\u003e#27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/braces/compare/3.0.2...3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.2 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.2...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.6 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.6...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `form-data` from 4.0.0 to 4.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/releases\"\u003eform-data's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v4.0.3...v4.0.4\"\u003ev4.0.4\u003c/a\u003e - 2025-07-16\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/811f68282fab0315209d0e2d1c44b6c32ea0d479\"\u003e\u003ccode\u003e811f682\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23 \u003ca href=\"https://github.com/form-data/form-data/commit/1d11a76434d101f22fdb26b8aef8615f28b98402\"\u003e\u003ccode\u003e1d11a76\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values \u003ca href=\"https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0\"\u003e\u003ccode\u003e3d17230\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] fix linting errors \u003ca href=\"https://github.com/form-data/form-data/commit/5e340800b5f8914213e4e0378c084aae71cfd73a\"\u003e\u003ccode\u003e5e34080\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] actually ensure the readme backup isn’t published \u003ca href=\"https://github.com/form-data/form-data/commit/316c82ba93fd4985af757b771b9a1f26d3b709ef\"\u003e\u003ccode\u003e316c82b\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/58c25d76406a5b0dfdf54045cf252563f2bbda8d\"\u003e\u003ccode\u003e58c25d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix readme capitalization \u003ca href=\"https://github.com/form-data/form-data/commit/2300ca19595b0ee96431e868fe2a40db79e41c61\"\u003e\u003ccode\u003e2300ca1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.0.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v4.0.2...v4.0.3\"\u003ev4.0.3\u003c/a\u003e - 2025-06-05\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/577\"\u003e\u003ccode\u003e[#577](https://github.com/form-data/form-data/issues/577)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[eslint] use a shared config \u003ca href=\"https://github.com/form-data/form-data/commit/426ba9ac440f95d1998dac9a5cd8d738043b048f\"\u003e\u003ccode\u003e426ba9a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] fix some spacing issues \u003ca href=\"https://github.com/form-data/form-data/commit/20941917f0e9487e68c564ebc3157e23609e2939\"\u003e\u003ccode\u003e2094191\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003ehasown\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/81ab41b46fdf34f5d89d7ff30b513b0925febfaa\"\u003e\u003ccode\u003e81ab41b\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method \u003ca href=\"https://github.com/form-data/form-data/commit/8d8e4693093519f7f18e3c597d1e8df8c493de9e\"\u003e\u003ccode\u003e8d8e469\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add tests to check the behavior of \u003ccode\u003egetBoundary\u003c/code\u003e with non-strings \u003ca href=\"https://github.com/form-data/form-data/commit/837b8a1f7562bfb8bda74f3fc538adb7a5858995\"\u003e\u003ccode\u003e837b8a1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] remove unused deps \u003ca href=\"https://github.com/form-data/form-data/commit/870e4e665935e701bf983a051244ab928e62d58e\"\u003e\u003ccode\u003e870e4e6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] remove local commit hooks \u003ca href=\"https://github.com/form-data/form-data/commit/e6e83ccb545a5619ed6cd04f31d5c2f655eb633e\"\u003e\u003ccode\u003ee6e83cc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/4066fd6f65992b62fa324a6474a9292a4f88c916\"\u003e\u003ccode\u003e4066fd6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix scripts to use prepublishOnly \u003ca href=\"https://github.com/form-data/form-data/commit/c4bbb13c0ef669916657bc129341301b1d331d75\"\u003e\u003ccode\u003ec4bbb13\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v4.0.1...v4.0.2\"\u003ev4.0.2\u003c/a\u003e - 2025-02-14\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/573\"\u003e\u003ccode\u003e[#573](https://github.com/form-data/form-data/issues/573)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/573\"\u003e\u003ccode\u003e[#573](https://github.com/form-data/form-data/issues/573)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix (npmignore): ignore temporary build files \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/532\"\u003e\u003ccode\u003e[#532](https://github.com/form-data/form-data/issues/532)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix (npmignore): ignore temporary build files \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/532\"\u003e\u003ccode\u003e[#532](https://github.com/form-data/form-data/issues/532)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/573\"\u003e#573\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/396\"\u003e\u003ccode\u003e[#396](https://github.com/form-data/form-data/issues/396)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/573\"\u003e#573\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/396\"\u003e\u003ccode\u003e[#396](https://github.com/form-data/form-data/issues/396)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/396\"\u003e\u003ccode\u003e[#396](https://github.com/form-data/form-data/issues/396)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/blob/master/CHANGELOG.md\"\u003eform-data's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v4.0.4...v4.0.5\"\u003ev4.0.5\u003c/a\u003e - 2025-11-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] Switch to newer v8 prediction library; enable node 24 testing \u003ca href=\"https://github.com/form-data/form-data/commit/16e00765342106876f98a1c9703314006c9e937a\"\u003e\u003ccode\u003e16e0076\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/5822467f0ec21f6ad613c1c90856375e498793c7\"\u003e\u003ccode\u003e5822467\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] set Symbol.toStringTag in the proper place \u003ca href=\"https://github.com/form-data/form-data/commit/76d0dee43933b5e167f7f09e5d9cbbd1cf911a...\n\n_Description has been truncated_","html_url":"https://github.com/harsh-mahobia/latest-portfolio/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/harsh-mahobia%2Flatest-portfolio/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}}]}