{"id":5334,"name":"underscore","ecosystem":"npm","repository_url":"https://github.com/jashkenas/underscore","issues_count":644,"created_at":"2025-06-06T17:12:16.305Z","updated_at":"2025-06-06T17:12:16.305Z","purl":"pkg:npm/underscore","metadata":{"id":2500333,"name":"underscore","ecosystem":"npm","description":"JavaScript's functional programming helper library.","homepage":"https://underscorejs.org","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/jashkenas/underscore","keywords_array":["util","functional","server","client","browser"],"namespace":null,"versions_count":54,"first_release_published_at":"2011-12-07T15:12:18.045Z","latest_release_published_at":"2024-07-24T20:39:20.856Z","latest_release_number":"1.13.7","last_synced_at":"2025-06-06T15:01:07.389Z","created_at":"2022-04-10T02:40:48.007Z","updated_at":"2025-06-06T15:02:51.368Z","registry_url":"https://www.npmjs.com/package/underscore","install_command":"npm install underscore","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"stable":"1.13.7","latest":"1.13.7"}},"repo_metadata":{"id":703250,"uuid":"349241","full_name":"jashkenas/underscore","owner":"jashkenas","description":"JavaScript's utility _ belt","archived":false,"fork":false,"pushed_at":"2025-04-09T15:56:55.000Z","size":7048,"stargazers_count":27390,"open_issues_count":52,"forks_count":5499,"subscribers_count":839,"default_branch":"master","last_synced_at":"2025-06-03T02:09:25.252Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://underscorejs.org","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jashkenas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"tidelift":"npm/underscore","patreon":"juliangonggrijp","github":["jgonggrijp"]}},"created_at":"2009-10-25T18:31:06.000Z","updated_at":"2025-05-31T17:24:56.000Z","dependencies_parsed_at":"2024-01-14T01:11:53.966Z","dependency_job_id":"a6061872-a96c-415b-8afc-7175a561f1ac","html_url":"https://github.com/jashkenas/underscore","commit_stats":{"total_commits":2036,"total_committers":343,"mean_commits":"5.9358600583090375","dds":0.7175834970530452,"last_synced_commit":"0d820ef7292cdec28dd8b5d565921b8100ca3397"},"previous_names":["documentcloud/underscore"],"tags_count":82,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jashkenas","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":258422546,"owners_count":22698488,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"jashkenas","name":"Jeremy Ashkenas","uuid":"4732","kind":"user","description":"🏍 🛣 🌎   I miss _why.","email":"","website":"http://ashkenas.com","location":"Berkeley","twitter":"jashkenas","company":null,"icon_url":"https://avatars.githubusercontent.com/u/4732?u=1ce1aba113b641e1a110345609830aec2b056121\u0026v=4","repositories_count":23,"last_synced_at":"2024-04-08T08:58:45.670Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/jashkenas","funding_links":[],"total_stars":78200,"followers":13192,"following":0,"created_at":"2022-11-02T16:19:02.055Z","updated_at":"2024-04-08T08:58:53.885Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jashkenas","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jashkenas/repositories"},"tags":[{"name":"1.13.7","sha":"d2e7e613a597bec6b16c946e42c91950dcc1a215","kind":"tag","published_at":"2024-07-24T20:41:57.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.13.7","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.13.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.7/manifests"},{"name":"1.13.6","sha":"bd2d35c87620a7da36250a006c97fdae89f4902d","kind":"tag","published_at":"2022-09-23T22:43:27.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.13.6","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.13.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.6/manifests"},{"name":"1.13.5","sha":"68e5eb68635548846b4663479b9d0fc78d090b0a","kind":"tag","published_at":"2022-09-23T19:25:19.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.13.5","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.13.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.5/manifests"},{"name":"1.13.4","sha":"a15d1afc708ec23894880b2ec4c1eb309447a906","kind":"tag","published_at":"2022-06-02T12:41:55.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.13.4","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.13.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.4/manifests"},{"name":"1.13.3","sha":"e7e719eba6a03d08e52b6f352491172ca4a13cb7","kind":"tag","published_at":"2022-04-23T18:57:57.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.13.3","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.13.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.3/manifests"},{"name":"1.13.2","sha":"33383fe35cdaf90ff1aa12e20067f44cbe267e87","kind":"tag","published_at":"2021-12-16T10:21:31.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.13.2","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.13.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.2/manifests"},{"name":"1.13.1","sha":"943977e34e2279503528a71ddcc2dd5f96483945","kind":"tag","published_at":"2021-04-15T13:21:52.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.13.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.13.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.1/manifests"},{"name":"1.13.0","sha":"7054a54d63af2ed1c99eb3707836da709b5e625e","kind":"tag","published_at":"2021-04-09T19:00:09.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.13.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.13.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.0/manifests"},{"name":"1.13.0-3","sha":"62c6ad01f4a24ae4a6bf995e6166c37174d13f8b","kind":"tag","published_at":"2021-03-31T18:19:42.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.13.0-3","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.13.0-3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.0-3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.0-3/manifests"},{"name":"1.12.1","sha":"c627e3847981e0f573f43d6ef6c9c10ab5891d50","kind":"tag","published_at":"2021-03-29T15:14:16.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.12.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.12.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.12.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.12.1/manifests"},{"name":"1.13.0-2","sha":"163f032bddbc657f1d2575ff030001b0a5062cd3","kind":"tag","published_at":"2021-03-14T20:34:14.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.13.0-2","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.13.0-2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.0-2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.0-2/manifests"},{"name":"1.13.0-1","sha":"9f88a5eac60c0b6f728af5ca719b53c03acc91cb","kind":"tag","published_at":"2021-03-11T23:56:08.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.13.0-1","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.13.0-1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.0-1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.0-1/manifests"},{"name":"1.13.0-0","sha":"645f8fa1d5d33711e2899b966ecc5c759aab87df","kind":"tag","published_at":"2021-03-10T04:22:35.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.13.0-0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.13.0-0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.0-0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.13.0-0/manifests"},{"name":"1.12.0","sha":"d10beb98830381f68dc38d41d8aeb1f08906dba1","kind":"tag","published_at":"2020-11-24T00:43:14.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.12.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.12.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.12.0/manifests"},{"name":"1.11.0","sha":"7ee13c8a470e1a1c6bd6d5f3fee29e92d40b6c17","kind":"commit","published_at":"2020-08-28T20:01:15.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.11.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.11.0/manifests"},{"name":"1.10.2","sha":"2a932470303157072015d5ab7f26d40b9deb4634","kind":"commit","published_at":"2020-03-30T21:27:32.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.10.2","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.10.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.10.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.10.2/manifests"},{"name":"1.10.1","sha":"db4a3595805a816278caeb19f84a2ad7249d5b81","kind":"commit","published_at":"2020-03-30T18:18:21.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.10.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.10.1/manifests"},{"name":"1.10.0","sha":"985fce601cd38d0a793dff4eff19531b9d6bfe33","kind":"commit","published_at":"2020-03-30T17:29:07.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.10.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.10.0/manifests"},{"name":"1.9.2","sha":"853dd761cb58ebf57e94e0ab13d080970214aa16","kind":"commit","published_at":"2020-01-06T21:27:15.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.9.2","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.9.2/manifests"},{"name":"1.9.1","sha":"ae037f7c41323807ae6f1533c45512e6d31a1574","kind":"commit","published_at":"2018-05-31T21:11:19.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.9.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.9.1/manifests"},{"name":"1.9.0","sha":"cbecaf0377a3fde1e25fdb3d3138b27466bc4eb7","kind":"commit","published_at":"2018-04-18T18:39:30.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.9.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.9.0/manifests"},{"name":"1.8.3","sha":"e4743ab712b8ab42ad4ccb48b155034d02394e4d","kind":"commit","published_at":"2015-04-02T15:32:01.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.8.3","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.8.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.8.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.8.3/manifests"},{"name":"1.8.2","sha":"19db749b190a7cb5a8b7ab1aab42c0e9dc517250","kind":"commit","published_at":"2015-02-22T14:13:43.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.8.2","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.8.2/manifests"},{"name":"1.8.1","sha":"834acb6dde9665b9d1c1700e3aeee7e253e9d76f","kind":"commit","published_at":"2015-02-20T03:15:35.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.8.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.8.1/manifests"},{"name":"1.8.0","sha":"1aed9ec063715cd6a69fdd42b29d4ee40b3a00b2","kind":"commit","published_at":"2015-02-20T00:08:54.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.8.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.8.0/manifests"},{"name":"1.7.0","sha":"da996e665deb0b69b257e80e3e257c04fde4191c","kind":"commit","published_at":"2014-08-26T22:16:18.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.7.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.7.0/manifests"},{"name":"1.6.0","sha":"1f4bf626f23a99f7a676f5076dc1b1475554c8f7","kind":"commit","published_at":"2014-02-10T21:15:59.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.6.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.6.0/manifests"},{"name":"1.5.2","sha":"101c10a60019fe870d21868835f65c25d64968fc","kind":"commit","published_at":"2013-09-07T12:58:21.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.5.2","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.5.2/manifests"},{"name":"1.5.1","sha":"edbf2952c2b71f81c6449aef384bdf233a0d63bc","kind":"commit","published_at":"2013-07-08T08:35:16.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.5.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.5.1/manifests"},{"name":"1.5.0","sha":"dedccb4e687c535655b3d6e11e3cc60cf4bdb862","kind":"commit","published_at":"2013-07-06T18:04:41.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.5.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.5.0/manifests"},{"name":"1.4.4","sha":"484bdb43ec4a9dd6a40e60a2d25317bec7aeb43f","kind":"commit","published_at":"2013-01-30T02:13:24.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.4.4","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.4.4/manifests"},{"name":"1.4.3","sha":"78887cffb53ed372811b5cc1239e0ecdf701a5c8","kind":"commit","published_at":"2012-12-04T18:48:01.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.4.3","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.4.3/manifests"},{"name":"1.4.2","sha":"87cac5bd057ceafd6f779b1df33de61ca21b5e1d","kind":"commit","published_at":"2012-10-07T03:04:37.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.4.2","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.4.2/manifests"},{"name":"1.4.1","sha":"29e1ba38f6d16b17e4b6b7805be8e1be2d27cb83","kind":"commit","published_at":"2012-10-01T17:20:03.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.4.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.4.1/manifests"},{"name":"1.4.0","sha":"37609e8398cd3e5d41006321e59e6c0cc3f87f87","kind":"commit","published_at":"2012-09-27T22:02:37.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.4.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.4.0/manifests"},{"name":"1.3.3","sha":"599d31101b7a7b896ff73e338d26ae698833f878","kind":"commit","published_at":"2012-04-10T14:43:26.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.3.3","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.3.3/manifests"},{"name":"1.3.2","sha":"e80bbe6d03193743a8d3e3d2d8bb365451382de8","kind":"commit","published_at":"2012-04-09T18:37:49.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.3.2","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.3.2/manifests"},{"name":"1.3.1","sha":"eeea70c457db3aebaef5b9251661f779844758fe","kind":"commit","published_at":"2012-01-23T22:56:29.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.3.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.3.1/manifests"},{"name":"1.3.0","sha":"dd09162b8c216f3fd09dfc85446df420962c7376","kind":"commit","published_at":"2012-01-11T16:41:14.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.3.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.3.0/manifests"},{"name":"1.2.4","sha":"4946c549b2f236245aa619109b44308a6641ada5","kind":"commit","published_at":"2012-01-04T21:17:00.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.2.4","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.2.4/manifests"},{"name":"1.2.3","sha":"813bb57bf07d507790c6d0957dd113f0cbff0f5e","kind":"commit","published_at":"2011-12-07T15:12:08.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.2.3","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.2.3/manifests"},{"name":"1.2.2","sha":"8c346141dc9687c5952991195eefe1988cf92124","kind":"commit","published_at":"2011-11-14T20:28:19.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.2.2","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.2.2/manifests"},{"name":"1.2.1","sha":"bffdb50f9bb1f44252c5d5e53c48afef5065ad4a","kind":"commit","published_at":"2011-10-24T18:23:36.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.2.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.2.1/manifests"},{"name":"1.2.0","sha":"7304084e94841832ff00a3b4c4a7d3a79eb35e04","kind":"commit","published_at":"2011-10-05T21:30:20.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.2.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.2.0/manifests"},{"name":"1.1.7","sha":"39b07d7b2cdbcf2f37b1239772ba58617f7c3650","kind":"commit","published_at":"2011-07-13T21:02:12.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.1.7","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.1.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.7/manifests"},{"name":"1.1.6","sha":"b6176158199acfbb400e712b6333941c130f371a","kind":"commit","published_at":"2011-04-18T13:08:52.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.1.6","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.6/manifests"},{"name":"1.1.5","sha":"c5ba70254280eb5656e26607ebf5b6bd8c54047d","kind":"commit","published_at":"2011-03-21T00:20:08.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.1.5","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.5/manifests"},{"name":"1.1.4","sha":"f03d5fa57c7ff2375af149803058053c046b4230","kind":"commit","published_at":"2011-01-09T19:03:45.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.1.4","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.4/manifests"},{"name":"1.1.3","sha":"c714175cf17f59a60b848a1f3bdaa1e3076fc1c1","kind":"commit","published_at":"2010-12-01T17:49:45.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.1.3","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.3/manifests"},{"name":"1.1.2","sha":"8fe19f20238658015a9a1e1def12c0e4af172e5f","kind":"commit","published_at":"2010-10-15T21:21:41.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.1.2","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.2/manifests"},{"name":"1.1.1","sha":"faa672ecd9613cbc467510e684826fd071983ae7","kind":"commit","published_at":"2010-10-05T21:52:36.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.1.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.1/manifests"},{"name":"1.1.0","sha":"fc90d57e36266b9b68efcda461aa4bf0425242cd","kind":"commit","published_at":"2010-08-18T13:26:36.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.1.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.1.0/manifests"},{"name":"1.0.4","sha":"29e2c832bcfc673f1638afcf238787cc7e914dd3","kind":"commit","published_at":"2010-06-22T13:21:03.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.0.4","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.0.4/manifests"},{"name":"1.0.3","sha":"bce016fc7271c2074b68996e7c169ddc6f676f52","kind":"commit","published_at":"2010-06-14T19:59:24.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.0.3","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.0.3/manifests"},{"name":"1.0.2","sha":"c8858f4c8fd6afd6905bf77d9ae7272936d53c91","kind":"commit","published_at":"2010-03-23T15:06:11.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.0.2","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.0.2/manifests"},{"name":"1.0.1","sha":"a6578068d212e51aa1988eb7b454ab4a55fd6217","kind":"commit","published_at":"2010-03-19T14:07:21.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.0.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.0.1/manifests"},{"name":"1.0.0","sha":"1d787815af896dd8b8241d09da867f22dda10cad","kind":"commit","published_at":"2010-03-18T15:41:02.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/1.0.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/1.0.0/manifests"},{"name":"0.6.0","sha":"b8a633a5fd0e40a9897db57fcb04c92be7baee46","kind":"commit","published_at":"2010-02-24T20:10:40.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.6.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.6.0/manifests"},{"name":"0.5.8","sha":"5b5ee87c7a2fa0aa092dc8e87c83973c6c112f4b","kind":"commit","published_at":"2010-01-28T05:55:41.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.5.8","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.5.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.8/manifests"},{"name":"0.5.7","sha":"30858c50a809fda225a1b48043b2ed0576e50166","kind":"commit","published_at":"2010-01-20T18:50:08.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.5.7","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.5.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.7/manifests"},{"name":"0.5.6","sha":"7d9e603be862a66a093c0062a580d5fc8c95ce1b","kind":"commit","published_at":"2010-01-18T17:45:04.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.5.6","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.5.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.6/manifests"},{"name":"0.5.5","sha":"cda9099a210e27c49b367b3839bef76e49d6b386","kind":"commit","published_at":"2010-01-10T00:34:32.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.5.5","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.5.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.5/manifests"},{"name":"0.5.4","sha":"0a8a4834b2690a3ae758eb345557af4ed37ec715","kind":"commit","published_at":"2010-01-05T16:26:14.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.5.4","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.5.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.4/manifests"},{"name":"0.5.3","sha":"fde8b1f63f4d1a4365ff968a76c19b22edafb591","kind":"commit","published_at":"2010-01-04T16:34:26.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.5.3","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.3/manifests"},{"name":"0.5.2","sha":"385404b685145f2b02be8e81f8e46b654275edca","kind":"commit","published_at":"2010-01-02T02:32:44.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.5.2","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.2/manifests"},{"name":"0.5.1","sha":"a418153800891ab7521f0559e995e0dbac6f2c9a","kind":"commit","published_at":"2009-12-09T19:36:19.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.5.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.1/manifests"},{"name":"0.5.0","sha":"f2670259d1a5895a0e56711ce24478f097bf52d3","kind":"commit","published_at":"2009-12-07T05:14:07.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.5.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.5.0/manifests"},{"name":"0.4.7","sha":"4bd535e7f11ee4570a534e30ced65b93eae4894f","kind":"commit","published_at":"2009-12-06T19:13:25.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.4.7","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.4.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.7/manifests"},{"name":"0.4.6","sha":"4b2744a75adb3697ae2c99101704abdf512551dd","kind":"commit","published_at":"2009-12-01T04:20:11.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.4.6","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.4.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.6/manifests"},{"name":"0.4.5","sha":"ae968a6ea06dd4fd6f5184b3e6d14f9a077b3d01","kind":"commit","published_at":"2009-11-19T14:37:56.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.4.5","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.4.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.5/manifests"},{"name":"0.4.4","sha":"c9e46262abd6a2f7ec1f002760a7595c4e2a06e4","kind":"commit","published_at":"2009-11-18T21:09:55.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.4.4","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.4/manifests"},{"name":"0.4.3","sha":"b5e1101610ac5a957e685acf9494e0d297b41d5f","kind":"commit","published_at":"2009-11-10T03:17:47.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.4.3","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.3/manifests"},{"name":"0.4.2","sha":"f6e67a5bf28bc544b1acd84d168e4f9d58427610","kind":"commit","published_at":"2009-11-09T13:28:32.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.4.2","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.2/manifests"},{"name":"0.4.1","sha":"7127d404d2addc9a8518b95ee34c4bc012c43898","kind":"commit","published_at":"2009-11-08T19:25:54.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.4.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.1/manifests"},{"name":"0.4.0","sha":"ed37b9df4953d554d3f72dd3b0d9df8fb1efad91","kind":"commit","published_at":"2009-11-07T19:29:40.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.4.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.4.0/manifests"},{"name":"0.3.3","sha":"d4a5ed6a733c75c6b1813e17a5ff5063ac087db7","kind":"commit","published_at":"2009-10-31T12:26:03.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.3.3","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.3.3/manifests"},{"name":"0.3.2","sha":"d2d1285e26a206278ae9f711a589b5e49f54c60e","kind":"commit","published_at":"2009-10-29T18:45:56.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.3.2","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.3.2/manifests"},{"name":"0.3.1","sha":"4d09a85bae8691876c4c767451449daac88eac82","kind":"commit","published_at":"2009-10-29T15:12:41.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.3.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.3.1/manifests"},{"name":"0.3.0","sha":"e381f7b626107165b86b7549b90b32245e934b8a","kind":"commit","published_at":"2009-10-29T04:04:00.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.3.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.3.0/manifests"},{"name":"0.2.0","sha":"4a83fcdd260f61f253f3349740ee304074867aff","kind":"commit","published_at":"2009-10-28T22:49:50.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.2.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.2.0/manifests"},{"name":"0.1.1","sha":"6d52832a73dcedffd8838ebe0d12fc1d4841588b","kind":"commit","published_at":"2009-10-28T16:37:55.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.1.1","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.1.1/manifests"},{"name":"0.1.0","sha":"f4299d7427abc59bca5b9c69904f25d0bf0f6791","kind":"commit","published_at":"2009-10-28T12:58:00.000Z","download_url":"https://codeload.github.com/jashkenas/underscore/tar.gz/0.1.0","html_url":"https://github.com/jashkenas/underscore/releases/tag/0.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jashkenas%2Funderscore/tags/0.1.0/manifests"}]},"repo_metadata_updated_at":"2025-06-06T15:02:51.368Z","dependent_packages_count":25330,"downloads":62844288,"downloads_period":"last-month","dependent_repos_count":738210,"rankings":{"downloads":0.030747545946088025,"dependent_repos_count":0.042028034752667066,"dependent_packages_count":0.004408152179269966,"stargazers_count":0.5425860356310119,"forks_count":0.4574347730376604,"docker_downloads_count":0.033759326938135825,"average":0.1851606447474722},"purl":"pkg:npm/underscore","advisories":[{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmNGgtM2poeC14dmhx","url":"https://github.com/advisories/GHSA-cf4h-3jhx-xvhq","title":"Arbitrary Code Execution in underscore","description":"The package `underscore` from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2021-05-06T16:09:43.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2021-23358","https://github.com/jashkenas/underscore/pull/2917","https://github.com/jashkenas/underscore/commit/4c73526d43838ad6ab43a6134728776632adeb66","https://github.com/jashkenas/underscore/releases/tag/1.12.1","https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984","https://www.npmjs.com/package/underscore","https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71","https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html","https://www.debian.org/security/2021/dsa-4883","https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E","https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E","https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E","https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E","https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E","https://www.tenable.com/security/tns-2021-14","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505","https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503","https://github.com/advisories/GHSA-cf4h-3jhx-xvhq"],"source_kind":"github","identifiers":["GHSA-cf4h-3jhx-xvhq","CVE-2021-23358"],"repository_url":"https://github.com/jashkenas/underscore","blast_radius":57.50816325495027,"packages":[{"versions":[{"first_patched_version":"1.12.1","vulnerable_version_range":"\u003e= 1.3.2, \u003c 1.12.1"}],"ecosystem":"npm","package_name":"underscore"}],"created_at":"2022-12-21T16:13:08.986Z","updated_at":"2025-02-18T01:10:40.770Z","epss_percentage":0.00658,"epss_percentile":0.79755}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/underscore","docker_dependents_count":8519,"docker_downloads_count":3760584110,"usage_url":"https://repos.ecosyste.ms/usage/npm/underscore","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/underscore/dependencies","status":null,"funding_links":["https://tidelift.com/funding/github/npm/underscore","https://patreon.com/juliangonggrijp","https://github.com/sponsors/jgonggrijp"],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/underscore/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/underscore/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/underscore/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/underscore/related_packages","maintainers":[{"uuid":"jashkenas","login":"jashkenas","name":null,"email":"jashkenas@gmail.com","url":null,"packages_count":8,"html_url":"https://www.npmjs.com/~jashkenas","role":null,"created_at":"2022-11-10T11:13:44.538Z","updated_at":"2022-11-10T11:13:44.538Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/jashkenas/packages"},{"uuid":"jgonggrijp","login":"jgonggrijp","name":null,"email":"dev@juliangonggrijp.com","url":null,"packages_count":19,"html_url":"https://www.npmjs.com/~jgonggrijp","role":null,"created_at":"2022-11-10T11:13:44.542Z","updated_at":"2022-11-10T11:13:44.542Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/jgonggrijp/packages"}],"registry":{"name":"npmjs.org","url":"https://registry.npmjs.org","ecosystem":"npm","default":true,"packages_count":5006547,"maintainers_count":1012938,"namespaces_count":295512,"keywords_count":700181,"github":"npm","metadata":{"funded_packages_count":150239},"icon_url":"https://github.com/npm.png","created_at":"2022-04-04T15:19:23.081Z","updated_at":"2025-06-06T05:58:05.971Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/namespaces"}},"unique_repositories_count":460,"unique_repositories_count_past_30_days":21,"recent_issues":[{"uuid":"4554029869","node_id":"PR_kwDOP78JWM7g7O4V","number":1,"state":"open","title":"Build(deps): Bump the npm_and_yarn group across 1 directory with 27 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:48:40.000Z","updated_at":"2026-05-30T09:51:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Build(deps): Bump","group_name":"npm_and_yarn","update_count":27,"packages":[{"name":"axios","old_version":"1.7.2","new_version":"1.16.0","repository_url":"https://github.com/axios/axios"},{"name":"dompurify","old_version":"3.1.6","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"uuid","old_version":"9.0.1","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"storybook","old_version":"9.1.4","new_version":"9.1.20","repository_url":"https://github.com/storybookjs/storybook"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"0.1.7","new_version":"2.4.0","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"bn.js","old_version":"5.2.1","new_version":"5.2.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"bn.js","old_version":"4.12.0","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"svgo","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/svg/svgo"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"rollup","old_version":"3.29.4","new_version":"3.30.0","repository_url":"https://github.com/rollup/rollup"},{"name":"immutable","old_version":"4.3.6","new_version":"4.3.8","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"js-cookie","old_version":"2.2.1","new_version":"3.0.8","repository_url":"https://github.com/js-cookie/js-cookie"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"pbkdf2","old_version":"3.1.2","new_version":"3.1.6","repository_url":"https://github.com/browserify/pbkdf2"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"serialize-javascript","old_version":"6.0.2","new_version":"removed","repository_url":"https://github.com/yahoo/serialize-javascript"},{"name":"underscore","old_version":"1.13.6","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"webpack","old_version":"5.89.0","new_version":"5.107.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 25 updates in the /web directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.7.2` | `1.16.0` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.1.6` | `3.4.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `9.1.4` | `9.1.20` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `2.4.0` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [bn.js](https://github.com/indutny/bn.js) | `5.2.1` | `5.2.3` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.12.0` | `4.12.3` |\n| [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [rollup](https://github.com/rollup/rollup) | `3.29.4` | `3.30.0` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.3.6` | `4.3.8` |\n| [js-cookie](https://github.com/js-cookie/js-cookie) | `2.2.1` | `3.0.8` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.2` | `3.1.6` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `removed` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.6` | `1.13.8` |\n| [webpack](https://github.com/webpack/webpack) | `5.89.0` | `5.107.2` |\n\n\nUpdates `axios` from 1.7.2 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc\"\u003e\u003ccode\u003edf53d7d\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e\"\u003e\u003ccode\u003e9d92bcd\u003c/code\u003e\u003c/a\u003e fix: gadgets and smaller issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435\"\u003e\u003ccode\u003e5107ee6\u003c/code\u003e\u003c/a\u003e fix: prevent undefined error codes in settle (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8\"\u003e\u003ccode\u003ee573499\u003c/code\u003e\u003c/a\u003e fix(fetch): defer global access in fetch adapter (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3\"\u003e\u003ccode\u003ead68e1a\u003c/code\u003e\u003c/a\u003e fix(http): honor timeout during connect without redirects (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d\"\u003e\u003ccode\u003e2a51828\u003c/code\u003e\u003c/a\u003e fix(http): decode URL basic auth credentials (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1\"\u003e\u003ccode\u003e0e8b6bb\u003c/code\u003e\u003c/a\u003e fix(http): preserve user-supplied Host header when forwarding through a proxy...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b\"\u003e\u003ccode\u003e79f39e1\u003c/code\u003e\u003c/a\u003e docs: document paramsSerializer.encode for strict RFC 3986 query encoding (\u003ca href=\"https://redirect.github.com/axios/axios/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e\"\u003e\u003ccode\u003e0fe3a5f\u003c/code\u003e\u003c/a\u003e [Docs/Types] Update \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions for ES2023 and add ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d\"\u003e\u003ccode\u003ecd6737f\u003c/code\u003e\u003c/a\u003e chore: matches the sibling responseStream.on(aborted) handler and added tests...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.2...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.1.6 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution issue when working with custom elements, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a lenient config parsing in \u003ccode\u003e_isValidAttribute\u003c/code\u003e, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped and removed several dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the test suite after bumping dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003eADD_FORBID_CONTENTS\u003c/code\u003e setting to extend default list, thanks \u003ca href=\"https://github.com/MariusRumpf\"\u003e\u003ccode\u003e@​MariusRumpf\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated the ESM import syntax to be more correct, thanks \u003ca href=\"https://github.com/binhpv\"\u003e\u003ccode\u003e@​binhpv\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the SVG \u003ccode\u003emask-type\u003c/code\u003e attribute to default allow-list, thanks \u003ca href=\"https://github.com/prasadrajandran\"\u003e\u003ccode\u003e@​prasadrajandran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded support for \u003ccode\u003eADD_ATTR\u003c/code\u003e and \u003ccode\u003eADD_TAGS\u003c/code\u003e to accept functions, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with the \u003ccode\u003eslot\u003c/code\u003e element being in both SVG and HTML allow-list, thanks \u003ca href=\"https://github.com/Wim-Valgaeren\"\u003e\u003ccode\u003e@​Wim-Valgaeren\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.2.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded new attributes and elements to default allow-list, thanks \u003ca href=\"https://github.com/elrion018\"\u003e\u003ccode\u003e@​elrion018\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003etagName\u003c/code\u003e parameter to custom element \u003ccode\u003eattributeNameCheck\u003c/code\u003e, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded better check for animated \u003ccode\u003ehref\u003c/code\u003e attributes, thanks \u003ca href=\"https://github.com/llamakko\"\u003e\u003ccode\u003e@​llamakko\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated and improved the bundled types, thanks \u003ca href=\"https://github.com/ssi02014\"\u003e\u003ccode\u003e@​ssi02014\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated several tests to better align with new browser encoding behaviors\u003c/li\u003e\n\u003cli\u003eImproved the handling of potentially risky content inside CDATA elements, thanks \u003ca href=\"https://github.com/securityMB\"\u003e\u003ccode\u003e@​securityMB\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/terjanq\"\u003e\u003ccode\u003e@​terjanq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved the regular expression for raw-text elements to cover textareas, thanks \u003ca href=\"https://github.com/securityMB\"\u003e\u003ccode\u003e@​securityMB\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/terjanq\"\u003e\u003ccode\u003e@​terjanq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.2.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.1.6...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 9.0.1 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v9.0.1...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `storybook` from 9.1.4 to 9.1.20\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/releases\"\u003estorybook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.1.20\u003c/h2\u003e\n\u003ch2\u003e9.1.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd request validation\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev9.1.19\u003c/h2\u003e\n\u003ch2\u003e9.1.19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden websocket connection\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev9.1.18\u003c/h2\u003e\n\u003ch2\u003e9.1.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo-op release. No changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/blob/v9.1.20/CHANGELOG.md\"\u003estorybook's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.1.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd request validation\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden websocket connection\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo-op release. No changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.16\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Fix Nextjs project creation in empty directories - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32828\"\u003e#32828\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCore: Add \u003ccode\u003eexperimental_devServer\u003c/code\u003e preset - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32862\"\u003e#32862\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eTelemetry: Fix preview-first-load event - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32859\"\u003e#32859\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCore: Add \u003ccode\u003epreview-first-load\u003c/code\u003e telemetry - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32770\"\u003e#32770\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eDependencies: Update \u003ccode\u003evite-plugin-storybook-nextjs\u003c/code\u003e - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32821\"\u003e#32821\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNextJS: Add NextJS 16 support - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32791\"\u003e#32791\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Vitest: Support Vitest 4 - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32819\"\u003e#32819\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCSF: Fix \u003ccode\u003eplay-fn\u003c/code\u003e tag for methods - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32695\"\u003e#32695\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNextjs: Fix config access for Vite - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32759\"\u003e#32759\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMaintenance: Hotfix for missing nextjs dts files, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAutomigration: Improve the viewport/backgrounds automigration - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32619\"\u003e#32619\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eMocking: Fix \u003ccode\u003esb.mock\u003c/code\u003e usage in Storybook's deployed in subpaths - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32678\"\u003e#32678\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eNextJS-Vite: Automatically fix bad PostCSS configuration - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32691\"\u003e#32691\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eReact Native Web: Fix REACT_NATIVE_AND_RNW should detect vite builder - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32718\"\u003e#32718\u003c/a\u003e, thanks \u003ca href=\"https://github.com/dannyhw\"\u003e\u003ccode\u003e@​dannyhw\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eTelemetry: Add metadata for react routers - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32615\"\u003e#32615\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAutomigrations: Add automigration for viewport and backgrounds - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/31614\"\u003e#31614\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eTelemetry: Log userAgent in onboarding - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32566\"\u003e#32566\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/f4eff4835ee6076bddf2fa2c8af680afebfaba0e\"\u003e\u003ccode\u003ef4eff48\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;9.1.19\u0026quot; to \u0026quot;9.1.20\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/046ce4d35020916e996521e04c18abfdf1052eaa\"\u003e\u003ccode\u003e046ce4d\u003c/code\u003e\u003c/a\u003e Formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/98e74eb845a2f7f4d6a65d719284bc0a459395d6\"\u003e\u003ccode\u003e98e74eb\u003c/code\u003e\u003c/a\u003e Clarify hostname validation for HTTP requests and WebSocket connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/5f27e882807b4816fba5d30490232706dc8354e7\"\u003e\u003ccode\u003e5f27e88\u003c/code\u003e\u003c/a\u003e Core: Backport origin/host validation and update related configurations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/20887f19d26d1f6e74712eeec4812f325031420b\"\u003e\u003ccode\u003e20887f1\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;9.1.18\u0026quot; to \u0026quot;9.1.19\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/66b2d8e30b1c235c198b8de0696755a13a72ceae\"\u003e\u003ccode\u003e66b2d8e\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/31f16c4cd46f9435e1558204cdccb6bf6b880c7f\"\u003e\u003ccode\u003e31f16c4\u003c/code\u003e\u003c/a\u003e fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/62dd25b508d3b8cd771cfadcac9a9f41881c0e11\"\u003e\u003ccode\u003e62dd25b\u003c/code\u003e\u003c/a\u003e Core: Require token for websocket connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/bbe61e351b4b45cd17c7d8005e48e4cab60a0315\"\u003e\u003ccode\u003ebbe61e3\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;9.1.17\u0026quot; to \u0026quot;9.1.18\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/d0d5a3d645df3493ad935e321d1ef101679cfc2e\"\u003e\u003ccode\u003ed0d5a3d\u003c/code\u003e\u003c/a\u003e Bump version from 9.1.16 to 9.1.17 MANUALLY\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/storybookjs/storybook/commits/v9.1.20/code/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for storybook since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 2.0.0 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate web dependencies to pick up security fixes, reliability improvements, and build hardening. Highlights include `axios` 1.16, `dompurify` 3.4, `lodash` 4.18, `uuid` 14, `postcss` 8.5, `storybook` 9.1, and removal of `serialize-javascript`.\n\n- **Dependencies**\n  - Security/bug fixes: `dompurify` 3.4.0, `lodash` 4.18.1, `postcss` 8.5.15, `storybook` 9.1.20.\n  - HTTP client: `axios` 1.16.0 enforces body/content limits and fixes redirects/headers.\n  - Breaking: `uuid` 14.0.0 expects global `crypto` and requires Node 20+; adds buffer bounds checks.\n  - Tooling: `webpack` 5.107.2, `terser-webpack-plugin` 5.6.1; removed `serialize-javascript`.\n  - App libs: `@antv/g2` 5.4.8, `ahooks` 3.9.7, plus assorted patch updates.\n\n- **Migration**\n  - Use Node 20+ locally and in CI for web builds and Storybook.\n  - If `uuid` runs in Node/SSR, ensure the environment provides global `crypto`; in browsers, verify `window.crypto` is available.\n  - Remove any direct `serialize-javascript` imports if present and reinstall dependencies.\n  - If you have custom Storybook networking/proxy settings, verify the preview connects after the websocket/request validation changes.\n\n\u003csup\u003eWritten for commit e748ef93c31e7903500a6c7e83e7506c6e3c020e. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/ragflow/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump 27 npm dependencies in web package\n\u003e Updates dependencies in [package.json](https://github.com/EmilynnJ/ragflow/pull/1/files#diff-b861012a5dd72b8a9f3281b7cf09f5a779c98569d040b1bbc1db50f1b15e7cce), including major version bumps to `uuid` (9→14) and `axios` (1.6→1.16), plus minor/patch updates to `@antv/g2`, `ahooks`, `dompurify`, `lodash`, `postcss`, `storybook`, and `terser-webpack-plugin`.\n\u003e\n\u003e - Risk: `uuid` v14 and `axios` v1.16 may include breaking API changes that could affect runtime behavior.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized e748ef9.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/ragflow/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fragflow/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4552302770","node_id":"PR_kwDOR9nArM7g1yCr","number":5,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 17 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-29T23:48:40.000Z","updated_at":"2026-05-29T23:49:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":17,"packages":[{"name":"turbo","old_version":"2.5.2","new_version":"2.9.14","repository_url":"https://github.com/vercel/turborepo"},{"name":"vite","old_version":"6.3.4","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"svelte","old_version":"4.2.19","new_version":"5.55.7","repository_url":"https://github.com/sveltejs/svelte"},{"name":"ws","old_version":"8.17.1","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"webpack-dev-server","old_version":"5.2.2","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"next","old_version":"15.4.0","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.22.5","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.3","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.6","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.6","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"tar","old_version":"7.4.3","new_version":"7.5.15","repository_url":"https://github.com/isaacs/node-tar"},{"name":"underscore","old_version":"1.13.2","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [turbo](https://github.com/vercel/turborepo) | `2.5.2` | `2.9.14` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.4` | `6.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `4.2.19` | `5.55.7` |\n| [ws](https://github.com/websockets/ws) | `8.17.1` | `8.20.1` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.2` | `5.2.4` |\n| [next](https://github.com/vercel/next.js) | `15.4.0` | `15.5.18` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.22.5` | `7.29.7` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.3` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.6` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.6` | `4.7.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.15` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.2` | `1.13.8` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n\n\nUpdates `turbo` from 2.5.2 to 2.9.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/turborepo/releases\"\u003eturbo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTurborepo v2.9.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains important security fixes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eHigh:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-5xc8-49mv-x4mm\"\u003eGHSA-5xc8-49mv-x4mm: Turborepo VSCode Extension command injection\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLow:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-hcf7-66rw-9f5r\"\u003eGHSA-hcf7-66rw-9f5r: Login callback CSRF/session fixation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-3qcw-2rhx-2726\"\u003eGHSA-3qcw-2rhx-2726: Unexpected local code execution during Yarn Berry detection\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erelease(turborepo): 2.9.12 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12774\"\u003evercel/turborepo#12774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Restore docs mobile menu by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12782\"\u003evercel/turborepo#12782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12787\"\u003evercel/turborepo#12787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Scope GitHub Actions caches by branch by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12788\"\u003evercel/turborepo#12788\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: Validate lockfiles without dependency downloads by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12789\"\u003evercel/turborepo#12789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unneeded import form hash creation script in docs by \u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Validate auth callback state by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12802\"\u003evercel/turborepo#12802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Harden VS Code extension command execution by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12800\"\u003evercel/turborepo#12800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Avoid project-local Yarn during detection by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12801\"\u003evercel/turborepo#12801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Release 2.9.13 by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12803\"\u003evercel/turborepo#12803\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/vercel/turborepo/compare/v2.9.12...v2.9.14\"\u003ehttps://github.com/vercel/turborepo/compare/v2.9.12...v2.9.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eTurborepo v2.9.13-canary.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erelease(turborepo): 2.9.11-canary.7 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12768\"\u003evercel/turborepo#12768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow \u003ccode\u003e$TURBO_EXTENDS$\u003c/code\u003e in LSP diagnostics by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12770\"\u003evercel/turborepo#12770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(turborepo): 2.9.11 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12771\"\u003evercel/turborepo#12771\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow transit nodes in LSP diagnostics by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12773\"\u003evercel/turborepo#12773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(turborepo): 2.9.12 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12774\"\u003evercel/turborepo#12774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Restore docs mobile menu by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12782\"\u003evercel/turborepo#12782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12787\"\u003evercel/turborepo#12787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Scope GitHub Actions caches by branch by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12788\"\u003evercel/turborepo#12788\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: Validate lockfiles without dependency downloads by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12789\"\u003evercel/turborepo#12789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unneeded import form hash creation script in docs by \u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Validate auth callback state by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12802\"\u003evercel/turborepo#12802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Harden VS Code extension command execution by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12800\"\u003evercel/turborepo#12800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Avoid project-local Yarn during detection by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12801\"\u003evercel/turborepo#12801\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/fc62fe0d9c347d1d24f0ed8946284856593ddb93\"\u003e\u003ccode\u003efc62fe0\u003c/code\u003e\u003c/a\u003e publish 2.9.14 to registry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/fb8c9aec0f9e83f95783659a5ce9c4478cf62cb9\"\u003e\u003ccode\u003efb8c9ae\u003c/code\u003e\u003c/a\u003e chore: Release 2.9.13 (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12803\"\u003e#12803\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/e8e629da4e1fb75231089e91b19be9d327a3e649\"\u003e\u003ccode\u003ee8e629d\u003c/code\u003e\u003c/a\u003e fix: Avoid project-local Yarn during detection (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12801\"\u003e#12801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/91c90cbf12f524c5c29b713d6472dd5fcdecb309\"\u003e\u003ccode\u003e91c90cb\u003c/code\u003e\u003c/a\u003e fix: Harden VS Code extension command execution (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12800\"\u003e#12800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/84f450894e87da1eed864d51f6f637f26980d560\"\u003e\u003ccode\u003e84f4508\u003c/code\u003e\u003c/a\u003e fix: Validate auth callback state (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12802\"\u003e#12802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/1779ad7901384f106236a6e196059e4929745514\"\u003e\u003ccode\u003e1779ad7\u003c/code\u003e\u003c/a\u003e Removed unneeded import form hash creation script in docs (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12799\"\u003e#12799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/71f8c90a807ffb9b9876ea8a04f523f473bf5c8d\"\u003e\u003ccode\u003e71f8c90\u003c/code\u003e\u003c/a\u003e test: Validate lockfiles without dependency downloads (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12789\"\u003e#12789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/5fcb96024d503127bb0ed760ebe159b7716c52b3\"\u003e\u003ccode\u003e5fcb960\u003c/code\u003e\u003c/a\u003e ci: Scope GitHub Actions caches by branch (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12788\"\u003e#12788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/4cf9fabc9a6f6c99fe4e2f2da9f35be631be062a\"\u003e\u003ccode\u003e4cf9fab\u003c/code\u003e\u003c/a\u003e ci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12787\"\u003e#12787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/859c629bc401f239ac7980a132746ca90478e17c\"\u003e\u003ccode\u003e859c629\u003c/code\u003e\u003c/a\u003e fix: Restore docs mobile menu (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12782\"\u003e#12782\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/turborepo/compare/v2.5.2...v2.9.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for turbo since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 6.3.4 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `svelte` from 4.2.19 to 5.55.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/releases\"\u003esvelte's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esvelte@5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: abort running obsolete async branches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18118\"\u003e#18118\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md\"\u003esvelte's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/4d8f99a2709e3c02e48d8bc6c77458f4ba49d0e3\"\u003e\u003ccode\u003e4d8f99a\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18220\"\u003e#18220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/05523088173e10af0753877af6936088de924833\"\u003e\u003ccode\u003e0552308\u003c/code\u003e\u003c/a\u003e chore: bump devalue (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18219\"\u003e#18219\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/55f9c85c09d625c3dd80c71ce7542f57386fafb4\"\u003e\u003ccode\u003e55f9c85\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18158\"\u003e#18158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a10e8e47a5946623a60a1e36b9023c23926eae87\"\u003e\u003ccode\u003ea10e8e4\u003c/code\u003e\u003c/a\u003e fix: keep dependencies of \u003ccode\u003e$state.eager\u003c/code\u003e/\u003ccode\u003epending\u003c/code\u003e (alternative approach) (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/ef4b97dfabfd7a23b27933e18f7393587c343d66\"\u003e\u003ccode\u003eef4b97d\u003c/code\u003e\u003c/a\u003e fix: duplicated \u0026quot;of\u0026quot; in events.js comment (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18217\"\u003e#18217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/5122936edb3c14e9a602e579727479b49cbd3239\"\u003e\u003ccode\u003e5122936\u003c/code\u003e\u003c/a\u003e fix: treat batches as a linked list (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18205\"\u003e#18205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/svelte/commits/svelte@5.55.7/packages/svelte\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for svelte since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.17.1 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.19.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecloseTimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/websockets/ws/issues/2308\"\u003e#2308\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eHandled a forthcoming breaking change in Node.js core (19984854).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.17.1...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 5.2.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 15.4.0 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.4.0...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.22.5 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.3 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore sc...\n\n_Description has been truncated_","html_url":"https://github.com/Dct555/graphiql/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dct555%2Fgraphiql/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"4520368286","node_id":"PR_kwDOPH88z87fNooW","number":1,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 18 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T00:38:16.000Z","updated_at":"2026-05-26T03:04:30.103Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":18,"packages":[{"name":"@modelcontextprotocol/sdk","old_version":"1.13.1","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"agents","old_version":"0.0.100","new_version":"0.3.10","repository_url":"https://github.com/cloudflare/agents"},{"name":"wrangler","old_version":"4.24.3","new_version":"4.94.0","repository_url":"https://github.com/cloudflare/workers-sdk"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"markdown-it","old_version":"14.1.0","new_version":"14.2.0","repository_url":"https://github.com/markdown-it/markdown-it"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"rollup","old_version":"4.44.2","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"},{"name":"tmp","old_version":"0.2.3","new_version":"0.2.5","repository_url":"https://github.com/raszi/node-tmp"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"vite","old_version":"7.0.4","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 12 updates in the /use-cases/mcp-server directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.13.1` | `1.29.0` |\n| [agents](https://github.com/cloudflare/agents/tree/HEAD/packages/agents) | `0.0.100` | `0.3.10` |\n| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.24.3` | `4.94.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `14.2.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [rollup](https://github.com/rollup/rollup) | `4.44.2` | `4.60.4` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.5` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.0.4` | `7.3.3` |\n\n\nUpdates `@modelcontextprotocol/sdk` from 1.13.1 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.13.1...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~pcarleton\"\u003epcarleton\u003c/a\u003e, a new releaser for \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `agents` from 0.0.100 to 0.3.10\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cloudflare/agents/blob/main/packages/agents/CHANGELOG.md\"\u003eagents's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.3.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/agents/pull/839\"\u003e#839\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/agents/commit/68916bfa08358d4bb5d61aff37acd8dc4ffc950e\"\u003e\u003ccode\u003e68916bf\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/whoiskatrin\"\u003e\u003ccode\u003e@​whoiskatrin\u003c/code\u003e\u003c/a\u003e! - Invalidate query cache on disconnect to fix stale auth tokens\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/agents/pull/841\"\u003e#841\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/agents/commit/3f490d045844e4884db741afbb66ca1fe65d4093\"\u003e\u003ccode\u003e3f490d0\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mattzcarey\"\u003e\u003ccode\u003e@​mattzcarey\u003c/code\u003e\u003c/a\u003e! - Escape authError to prevent XSS attacks and store it in the connection state to avoid needing script tags to display error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/cloudflare/agents/commit/83f137f7046aeafc3b480b5aa4518f6290b14406\"\u003e\u003ccode\u003e83f137f\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​cloudflare/ai-chat\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.0.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.3.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/agents/pull/837\"\u003e#837\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/agents/commit/b11b9dda37d85a474b07e6ca48fb8cee566db9cc\"\u003e\u003ccode\u003eb11b9dd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/threepointone\"\u003e\u003ccode\u003e@​threepointone\u003c/code\u003e\u003c/a\u003e! - Fix AgentWorkflow run() method not being called in production\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003erun()\u003c/code\u003e method wrapper was being set as an instance property in the constructor, but Cloudflare's RPC system invokes methods from the prototype chain. This caused the initialization wrapper to be bypassed in production, resulting in \u003ccode\u003e_initAgent\u003c/code\u003e never being called.\u003c/p\u003e\n\u003cp\u003eChanged to wrap the subclass prototype's \u003ccode\u003erun\u003c/code\u003e method directly with proper safeguards:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUses \u003ccode\u003eObject.hasOwn()\u003c/code\u003e to only wrap prototypes that define their own \u003ccode\u003erun\u003c/code\u003e method (prevents double-wrapping inherited methods)\u003c/li\u003e\n\u003cli\u003eUses a \u003ccode\u003eWeakSet\u003c/code\u003e to track wrapped prototypes (prevents re-wrapping on subsequent instantiations)\u003c/li\u003e\n\u003cli\u003eUses an instance-level \u003ccode\u003e__agentInitCalled\u003c/code\u003e flag to prevent double initialization if \u003ccode\u003esuper.run()\u003c/code\u003e is called from a subclass\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.3.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/agents/pull/833\"\u003e#833\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/agents/commit/6c80022713a120c1a93e6afe16d20aee9ab6c9cb\"\u003e\u003ccode\u003e6c80022\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tarushnagpal\"\u003e\u003ccode\u003e@​tarushnagpal\u003c/code\u003e\u003c/a\u003e! - On invalid OAuth state, clear auth_url in storage and set the MCP connection state to FAILED ready for reconnection.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/agents/pull/834\"\u003e#834\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/agents/commit/2b4aecde7e6887764b5733033b615427cd564926\"\u003e\u003ccode\u003e2b4aecd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/threepointone\"\u003e\u003ccode\u003e@​threepointone\u003c/code\u003e\u003c/a\u003e! - Fix AgentClient.close() to immediately reject pending RPC calls instead of waiting for WebSocket close handshake timeout.\u003c/p\u003e\n\u003cp\u003ePreviously, calling \u003ccode\u003eclient.close()\u003c/code\u003e would not reject pending RPC calls until the WebSocket close handshake completed (which could take 15+ seconds in some environments). Now pending calls are rejected immediately when \u003ccode\u003eclose()\u003c/code\u003e is called, providing faster feedback on intentional disconnects.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.3.7\u003c/h2\u003e\n\u003ch1\u003eagents@0.3.7 Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release introduces \u003cstrong\u003eCloudflare Workflows integration\u003c/strong\u003e for durable multi-step processing, \u003cstrong\u003esecure email reply routing\u003c/strong\u003e with HMAC-SHA256 signatures, \u003cstrong\u003e15+ new documentation files\u003c/strong\u003e, and significant improvements to state management, the callable RPC system, and scheduling.\u003c/p\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eWorkflows Integration\u003c/strong\u003e - Seamless integration between Cloudflare Agents and Cloudflare Workflows for durable, multi-step background processing\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSecure Email Routing\u003c/strong\u003e - HMAC-SHA256 signed email headers prevent unauthorized routing of emails to agent instances\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eComprehensive Documentation\u003c/strong\u003e - 15+ new docs covering getting started, state, routing, HTTP/WebSocket lifecycle, callable methods, MCP, and scheduling\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSynchronous \u003ccode\u003esetState()\u003c/code\u003e\u003c/strong\u003e - State updates are now synchronous with a new \u003ccode\u003evalidateStateChange()\u003c/code\u003e validation hook\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003escheduleEvery()\u003c/code\u003e Method\u003c/strong\u003e - Fixed-interval recurring tasks with overlap prevention\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCallable System Improvements\u003c/strong\u003e - Client-side RPC timeouts, streaming error signaling, introspection API\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e100+ New Tests\u003c/strong\u003e - Comprehensive test coverage across state, routing, callable, and email utilities\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/069c584847b00db334840e4d158f2862ed504226\"\u003e\u003ccode\u003e069c584\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/840\"\u003e#840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/3f490d045844e4884db741afbb66ca1fe65d4093\"\u003e\u003ccode\u003e3f490d0\u003c/code\u003e\u003c/a\u003e fix: escape html in external oauth error message (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/841\"\u003e#841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/68916bfa08358d4bb5d61aff37acd8dc4ffc950e\"\u003e\u003ccode\u003e68916bf\u003c/code\u003e\u003c/a\u003e Invalidate query cache on disconnect to fix stale auth tokens (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/839\"\u003e#839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/e69eae544620e7ac1b071159edc85e16a009a4f8\"\u003e\u003ccode\u003ee69eae5\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/838\"\u003e#838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/b11b9dda37d85a474b07e6ca48fb8cee566db9cc\"\u003e\u003ccode\u003eb11b9dd\u003c/code\u003e\u003c/a\u003e Fix AgentWorkflow run() method not being called in production (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/837\"\u003e#837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/72b44063df75dd782c1e8ac4beb26cdcaa5a5d7b\"\u003e\u003ccode\u003e72b4406\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/835\"\u003e#835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/6c80022713a120c1a93e6afe16d20aee9ab6c9cb\"\u003e\u003ccode\u003e6c80022\u003c/code\u003e\u003c/a\u003e Handle invalid OAUth state (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/833\"\u003e#833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/2b4aecde7e6887764b5733033b615427cd564926\"\u003e\u003ccode\u003e2b4aecd\u003c/code\u003e\u003c/a\u003e Fix slow RPC rejection on close; add browser integration tests (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/834\"\u003e#834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/964757711645dd75a6661961df0139ab3079b348\"\u003e\u003ccode\u003e9647577\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/802\"\u003e#802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/6218541e9c1e40ccbaa25b2d9d93858c0ad81ffa\"\u003e\u003ccode\u003e6218541\u003c/code\u003e\u003c/a\u003e docs/tests/enhancements  (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/812\"\u003e#812\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cloudflare/agents/commits/agents@0.3.10/packages/agents\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for agents since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.8.3 to 4.12.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(serve-static): normalize all backslashes in file paths, not just the first in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4962\"\u003ehonojs/hono#4962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(context): export the Context class publicly by \u003ca href=\"https://github.com/BlankParticle\"\u003e\u003ccode\u003e@​BlankParticle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4543\"\u003ehonojs/hono#4543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(contribution): add AI Usage Policy by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4970\"\u003ehonojs/hono#4970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(compress): add contentTypeFilter option and \u003ccode\u003eCOMPRESSIBLE_CONTENT_TYPE_REGEX\u003c/code\u003e re-export by \u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4961\"\u003ehonojs/hono#4961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(utils/ipaddr): do not compress a single 0 group to \u003ccode\u003e::\u003c/code\u003e by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4971\"\u003ehonojs/hono#4971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.22...v4.12.23\"\u003ehttps://github.com/honojs/hono/compare/v4.12.22...v4.12.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: update vitest to v4 and cleanups by \u003ca href=\"https://github.com/BlankParticle\"\u003e\u003ccode\u003e@​BlankParticle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4952\"\u003ehonojs/hono#4952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mime): specify charset parameter per MIME type instead of mechanical detection by \u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(compress): respect Accept-Encoding when encoding option is set by \u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deno): echo negotiated WebSocket subprotocol in upgrade response by \u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add msgpack as a compressible content type by \u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.21...v4.12.22\"\u003ehttps://github.com/honojs/hono/compare/v4.12.21...v4.12.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.21\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eapp.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003eapp.mount()\u003c/code\u003e. Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3\u003c/p\u003e\n\u003ch3\u003eIP Restriction bypasses static deny rules for non-canonical IPv6\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/ip-restriction\u003c/code\u003e. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5\u003c/p\u003e\n\u003ch3\u003eCookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes missing validation of \u003ccode\u003esameSite\u003c/code\u003e and \u003ccode\u003epriority\u003c/code\u003e options against injection characters (\u003ccode\u003e;\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x\u003c/p\u003e\n\u003ch3\u003eJWT middleware accepts any Authorization scheme, not only Bearer\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/jwt\u003c/code\u003e, \u003ccode\u003ehono/jwk\u003c/code\u003e. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use \u003ccode\u003eapp.mount()\u003c/code\u003e, \u003ccode\u003ehono/ip-restriction\u003c/code\u003e, \u003ccode\u003ehono/cookie\u003c/code\u003e, or \u003ccode\u003ehono/jwt\u003c/code\u003e/\u003ccode\u003ehono/jwk\u003c/code\u003e are encouraged to upgrade to this version.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/83bfb3bb4a12c1d92c163a39e907df5d662ff78d\"\u003e\u003ccode\u003e83bfb3b\u003c/code\u003e\u003c/a\u003e 4.12.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/bcd290a64c0b392fd06d2bd1f256c5dc9835e4a4\"\u003e\u003ccode\u003ebcd290a\u003c/code\u003e\u003c/a\u003e fix(utils/ipaddr): do not compress a single 0 group to \u003ccode\u003e::\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4971\"\u003e#4971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c968177d9c11ddc7c7cca57c384497f11a6d60ae\"\u003e\u003ccode\u003ec968177\u003c/code\u003e\u003c/a\u003e feat(compress): add contentTypeFilter option and `COMPRESSIBLE_CONTENT_TYPE_R...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/0265a5453a7c272417eaa22b93d3fb319d2188ed\"\u003e\u003ccode\u003e0265a54\u003c/code\u003e\u003c/a\u003e docs(contribution): add AI Usage Policy (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c84c5d2d46ca6a78c316529491d42ab7bb956368\"\u003e\u003ccode\u003ec84c5d2\u003c/code\u003e\u003c/a\u003e feat(context): export the Context class publicly (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4543\"\u003e#4543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/82dad6297c90c33c41bf48b4530509a21588ad06\"\u003e\u003ccode\u003e82dad62\u003c/code\u003e\u003c/a\u003e fix(serve-static): normalize all backslashes in file paths, not just the firs...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/2f01b774b168911d24e4864fb66054f5de9d9a4e\"\u003e\u003ccode\u003e2f01b77\u003c/code\u003e\u003c/a\u003e 4.12.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/6bc0dff277684ee50ace6dc87a7ad73a9c131c99\"\u003e\u003ccode\u003e6bc0dff\u003c/code\u003e\u003c/a\u003e feat: add msgpack as a compressible content type (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4957\"\u003e#4957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/7e0555d14c72d4204347ac9afaae32ba5c013ab9\"\u003e\u003ccode\u003e7e0555d\u003c/code\u003e\u003c/a\u003e fix(deno): echo negotiated WebSocket subprotocol in upgrade response (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4955\"\u003e#4955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f0ed2465913f2a89ebdf65cc54d6254915fc3ff6\"\u003e\u003ccode\u003ef0ed246\u003c/code\u003e\u003c/a\u003e fix(compress): respect Accept-Encoding when encoding option is set (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4951\"\u003e#4951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.8.3...v4.12.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `wrangler` from 4.24.3 to 4.94.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cloudflare/workers-sdk/releases\"\u003ewrangler's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ewrangler@4.94.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/workers-sdk/pull/13897\"\u003e#13897\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/52e9082e32d7bffaeca92f27ab472b56964ba2bb\"\u003e\u003ccode\u003e52e9082\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dario-piotrowicz\"\u003e\u003ccode\u003e@​dario-piotrowicz\u003c/code\u003e\u003c/a\u003e! - Add automatic Cloudflare skills installation for AI coding agents\u003c/p\u003e\n\u003cp\u003eWrangler now detects AI coding agents and offers to install Cloudflare skill files from the \u003ccode\u003ecloudflare/skills\u003c/code\u003e GitHub repository. Users are prompted once interactively; subsequent runs skip the prompt. Use \u003ccode\u003e--install-skills\u003c/code\u003e to install without prompting.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/workers-sdk/pull/13989\"\u003e#13989\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/f598eac72bcdf838ba890bcbd100e99ee8fac17f\"\u003e\u003ccode\u003ef598eac\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/MattieTK\"\u003e\u003ccode\u003e@​MattieTK\u003c/code\u003e\u003c/a\u003e! - Print a QR code alongside the tunnel URL when sharing via Cloudflare Tunnel\u003c/p\u003e\n\u003cp\u003eWhen a tunnel is started (via \u003ccode\u003ewrangler dev --tunnel\u003c/code\u003e or the Vite plugin with \u003ccode\u003etunnel: true\u003c/code\u003e), a scannable QR code is now printed to the terminal beneath the tunnel URL. This makes it easy to open the tunnel on a mobile device without manually copying the URL.\u003c/p\u003e\n\u003cp\u003eThe QR code uses Unicode block characters for a compact representation and is generated best-effort -- if generation fails for any reason, the tunnel URL is still displayed as before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/workers-sdk/pull/13467\"\u003e#13467\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/3a1fbed5988efe03ae50cc502eff6a4785728396\"\u003e\u003ccode\u003e3a1fbed\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/deloreyj\"\u003e\u003ccode\u003e@​deloreyj\u003c/code\u003e\u003c/a\u003e! - Add \u003ccode\u003eschedule\u003c/code\u003e property to Workflow bindings for cron-based triggering\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e This is a configuration-only change. Scheduled triggering of Workflow instances is not yet available — adding \u003ccode\u003eschedule\u003c/code\u003e to a Workflow binding will not result in scheduled invocations at this time. This change lays the groundwork for an upcoming feature.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eWorkflow bindings in \u003ccode\u003ewrangler.json\u003c/code\u003e now accept an optional \u003ccode\u003eschedule\u003c/code\u003e field that configures one or more cron expressions to automatically trigger new workflow instances on a schedule.\u003c/p\u003e\n\u003cpre lang=\"jsonc\"\u003e\u003ccode\u003e// wrangler.json\n{\n  \u0026quot;workflows\u0026quot;: [\n    {\n      \u0026quot;binding\u0026quot;: \u0026quot;MY_WORKFLOW\u0026quot;,\n      \u0026quot;name\u0026quot;: \u0026quot;my-workflow\u0026quot;,\n      \u0026quot;class_name\u0026quot;: \u0026quot;MyWorkflow\u0026quot;,\n      \u0026quot;schedule\u0026quot;: \u0026quot;0 9 * * 1\u0026quot;\n    }\n  ]\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eMultiple schedules can be provided as an array:\u003c/p\u003e\n\u003cpre lang=\"jsonc\"\u003e\u003ccode\u003e{\n  \u0026quot;workflows\u0026quot;: [\n    {\n      \u0026quot;binding\u0026quot;: \u0026quot;MY_WORKFLOW\u0026quot;,\n      \u0026quot;name\u0026quot;: \u0026quot;my-workflow\u0026quot;,\n      \u0026quot;class_name\u0026quot;: \u0026quot;MyWorkflow\u0026quot;,\n      \u0026quot;schedule\u0026quot;: [\u0026quot;0 9 * * 1\u0026quot;, \u0026quot;0 17 * * 5\u0026quot;]\n    }\n  ]\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe schedule is sent to the Workflows control plane on \u003ccode\u003ewrangler deploy\u003c/code\u003e. Configuring \u003ccode\u003eschedule\u003c/code\u003e on a workflow binding that references an external \u003ccode\u003escript_name\u003c/code\u003e is an error — the schedule must be configured on the worker that defines the workflow.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/b92f87cbbf3e8646d0c10e4e9bbc9391d669b899\"\u003e\u003ccode\u003eb92f87c\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13995\"\u003e#13995\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/fc1f7b977908b78a4379d1d7b261ca7c69022ba3\"\u003e\u003ccode\u003efc1f7b9\u003c/code\u003e\u003c/a\u003e [wrangler] Fix Access Service Token authentication for service-auth-only apps...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/f598eac72bcdf838ba890bcbd100e99ee8fac17f\"\u003e\u003ccode\u003ef598eac\u003c/code\u003e\u003c/a\u003e [wrangler][vite-plugin] Print QR code for tunnel URLs (\u003ca href=\"https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13989\"\u003e#13989\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/52e9082e32d7bffaeca92f27ab472b56964ba2bb\"\u003e\u003ccode\u003e52e9082\u003c/code\u003e\u003c/a\u003e Add automatic Cloudflare skills installation for AI coding agents (\u003ca href=\"https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13897\"\u003e#13897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/07336888e0bc82925e4023f5b72a0062f10d77b8\"\u003e\u003ccode\u003e0733688\u003c/code\u003e\u003c/a\u003e build(deps): bump the workerd-and-workers-types group with 2 updates (\u003ca href=\"https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13993\"\u003e#13993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/8c569c6232588594e7a48219bbd020955f5fd5a4\"\u003e\u003ccode\u003e8c569c6\u003c/code\u003e\u003c/a\u003e [wrangler] Include column names in D1 SQL export (\u003ca href=\"https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/12277\"\u003e#12277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/3a1fbed5988efe03ae50cc502eff6a4785728396\"\u003e\u003ccode\u003e3a1fbed\u003c/code\u003e\u003c/a\u003e [wrangler] Add schedule property to Workflow bindings for cron-based triggeri...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/90092c0bca526e2e08a25fe7969534426eb6fd9f\"\u003e\u003ccode\u003e90092c0\u003c/code\u003e\u003c/a\u003e [vitest-pool-workers] Stop externalizing devDependencies from the published b...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/5ee65d572ce2718133de72c28705e2c9bda3d09b\"\u003e\u003ccode\u003e5ee65d5\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13969\"\u003e#13969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/e04e180d4adfe7d50db835508940e7ef7e9d9706\"\u003e\u003ccode\u003ee04e180\u003c/code\u003e\u003c/a\u003e [wrangler] Improve asset upload retry log message (\u003ca href=\"https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13990\"\u003e#13990\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cloudflare/workers-sdk/commits/wrangler@4.94.0/packages/wrangler\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for wrangler since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ai` from 4.3.16 to 6.0.191\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/ai/releases\"\u003eai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eai@6.0.191\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [27a1b22]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​ai-sdk/gateway\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.0.120\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eai@6.0.190\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [33b10a2]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [f6e4146]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​ai-sdk/gateway\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.0.119\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eai@6.0.189\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e356c3cf: fix(ai): make input optional on input-streaming UIMessagePart variants\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eai@6.0.188\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ec98715a: Add \u003ccode\u003eallowSystemInMessages\u003c/code\u003e option to \u003ccode\u003eToolLoopAgent\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis exposes the same option that exists on \u003ccode\u003estreamText\u003c/code\u003e and \u003ccode\u003egenerateText\u003c/code\u003e, whether \u003ccode\u003erole: \u0026quot;system\u0026quot;\u003c/code\u003e messages are allowed in the \u003ccode\u003eprompt\u003c/code\u003e or \u003ccode\u003emessages\u003c/code\u003e fields. When unset, system messages are rejected because they can create a prompt injection attack risk. Ideally, use the \u003ccode\u003einstructions\u003c/code\u003e option instead. Set to \u003ccode\u003etrue\u003c/code\u003e to allow system messages, or \u003ccode\u003efalse\u003c/code\u003e to explicitly reject them.\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003econst agent = new ToolLoopAgent({\n  model,\n  allowSystemInMessages: true,\n});\n\u003cp\u003eawait agent.generate({\nmessages: [\n{ role: \u0026quot;system\u0026quot;, content: \u0026quot;Server context\u0026quot; },\n{ role: \u0026quot;user\u0026quot;, content: \u0026quot;Hello\u0026quot; },\n],\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe option can also be returned from \u003ccode\u003eprepareCall\u003c/code\u003e for dynamic per-call configuration.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eai@5.0.192\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [544fbab]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [1bdb6f7]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​ai-sdk/gateway\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.0.93\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/ai/blob/ai@6.0.191/packages/ai/CHANGELOG.md\"\u003eai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.191\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [27a1b22]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​ai-sdk/gateway\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.0.120\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.190\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [33b10a2]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [f6e4146]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​ai-sdk/gateway\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.0.119\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.189\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e356c3cf: fix(ai): make input optional on input-streaming UIMessagePart variants\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.188\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ec98715a: Add \u003ccode\u003eallowSystemInMessages\u003c/code\u003e option to \u003ccode\u003eToolLoopAgent\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis exposes the same option that exists on \u003ccode\u003estreamText\u003c/code\u003e and \u003ccode\u003egenerateText\u003c/code\u003e, whether \u003ccode\u003erole: \u0026quot;system\u0026quot;\u003c/code\u003e messages are allowed in the \u003ccode\u003eprompt\u003c/code\u003e or \u003ccode\u003emessages\u003c/code\u003e fields. When unset, system messages are rejected because they can create a prompt injection attack risk. Ideally, use the \u003ccode\u003einstructions\u003c/code\u003e option instead. Set to \u003ccode\u003etrue\u003c/code\u003e to allow system messages, or \u003ccode\u003efalse\u003c/code\u003e to explicitly reject them.\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003econst agent = new ToolLoopAgent({\n  model,\n  allowSystemInMessages: true,\n});\n\u003cp\u003eawait agent.generate({\nmessages: [\n{ role: \u0026quot;system\u0026quot;, content: \u0026quot;Server context\u0026quot; },\n{ role: \u0026quot;user\u0026quot;, content: \u0026quot;Hello\u0026quot; },\n],\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe option can also be returned from \u003ccode\u003eprepareCall\u003c/code\u003e for dynamic per-call configuration.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.187\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [6f4bb06]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/0838d52fe657c4f04891b78423fbc636a543851a\"\u003e\u003ccode\u003e0838d52\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15565\"\u003e#15565\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/1a3ec6d76fcc5333ac9b2751f3938cbe918efef2\"\u003e\u003ccode\u003e1a3ec6d\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15513\"\u003e#15513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/bde7d0ff4882364a94e7aeea8ff2b0a7e89effb4\"\u003e\u003ccode\u003ebde7d0f\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15494\"\u003e#15494\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/356c3cf88884ba10cc1bac93d93e4b3a8c96ef94\"\u003e\u003ccode\u003e356c3cf\u003c/code\u003e\u003c/a\u003e Backport: fix(ai): make input optional on input-streaming UIMessagePart varia...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/93ad540ed13863363ebc0bd5a9c574a082602d27\"\u003e\u003ccode\u003e93ad540\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15489\"\u003e#15489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/c98715ae5ecf19a18a7c31fa2ec30124e456188b\"\u003e\u003ccode\u003ec98715a\u003c/code\u003e\u003c/a\u003e Backport: [tool-loop-agent] adding support for messages with system role with...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/a15eda90f03049bfba99183b4fd308ca63372b86\"\u003e\u003ccode\u003ea15eda9\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15473\"\u003e#15473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/917e487d1f8d29554b30d56b17e846e9c233c0c5\"\u003e\u003ccode\u003e917e487\u003c/code\u003e\u003c/a\u003e Backport CI speed improvements to release-v6.0 (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15455\"\u003e#15455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/e33b836af7673d45eb90704574ffae5bdc6ba824\"\u003e\u003ccode\u003ee33b836\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15440\"\u003e#15440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/4a989451c5ef8c1b04d8a91e4e9301dc81708cfa\"\u003e\u003ccode\u003e4a98945\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15406\"\u003e#15406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/ai/commits/ai@6.0.191/packages/ai\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for ai since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.17.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebump version to 8.17.1 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2472\"\u003eajv-validator/ajv#2472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.0...v8.17.1\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.0...v8.17.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePlus everything in 8.17.0 which failed to release\u003c/h2\u003e\n\u003cp\u003eThe only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.\u003c/p\u003e\n\u003cp\u003eRevert \u0026quot;Revert fast-uri change (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2444\"\u003eajv-validator/ajv#2444\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/gurgunday\"\u003e\u003ccode\u003e@​gurgunday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2448\"\u003eajv-validator/ajv#2448\u003c/a\u003e\nfix: ignore new eslint error for \u003ccode\u003e@​typescript-eslint/no-extraneous-class\u003c/code\u003e by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2455\"\u003eajv-validator/ajv#2455\u003c/a\u003e\ndocs: clarify behaviour of addVocabulary by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2454\"\u003eajv-validator/ajv#2454\u003c/a\u003e\ndocs: refactor to improve legibility by \u003ca href=\"https://github.com/blottn\"\u003e\u003ccode\u003e@​blottn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2432\"\u003eajv-validator/ajv#2432\u003c/a\u003e\nFix grammatical typo in managing-schemas.md by \u003ca href=\"https://github.com/wetneb\"\u003e\u003ccode\u003e@​wetneb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2305\"\u003eajv-validator/ajv#2305\u003c/a\u003e\ndocs: Fix broken strict-mode link by \u003ca href=\"https://github.com/alexanderjsx\"\u003e\u003ccode\u003e@​alexanderjsx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2459\"\u003eajv-validator/ajv#2459\u003c/a\u003e\nfeat: add test for encoded refs and bump fast-uri by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2449\"\u003eajv-validator/ajv#2449\u003c/a\u003e\nfix: changes for \u003ccode\u003e@​typescript-eslint/array-type\u003c/code\u003e rule by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2467\"\u003eajv-validator/ajv#2467\u003c/a\u003e\nfixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2217\"\u003eajv-validator/ajv#2217\u003c/a\u003e - clarify custom keyword naming by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2457\"\u003eajv-validator/ajv#2457\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.17.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `body-parser` from 2.2.0 to 2.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/releases\"\u003ebody-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README links by \u003ca href=\"https://github.com/efekrskl\"\u003e\u003ccode\u003e@​efekrskl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/673\"\u003eexpressjs/body-parser#673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: release notes for the v1.20.4 release by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/674\"\u003eexpressjs/body-parser#674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update URL-encoded parser description to include ISO-8859-1 encoding support by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/679\"\u003eexpressjs/body-parser#679\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: use standard jsdoc tags everywhere by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/677\"\u003eexpressjs/body-parser#677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@^6.14.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/689\"\u003eexpressjs/body-parser#689\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/693\"\u003eexpressjs/body-parser#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 2.2.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/691\"\u003eexpressjs/body-parser#691\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/efekrskl\"\u003e\u003ccode\u003e@​efekrskl\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/673\"\u003eexpressjs/body-parser#673\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/body-parser/compare/v2.2.1...v2.2.2\"\u003ehttps://github.com/expressjs/body-parser/compare/v2.2.1...v2.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.1\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-13466\"\u003eCVE-2025-13466\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4\"\u003eGHSA-wqch-xfxh-vrr4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: add dependabot by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/593\"\u003eexpressjs/body-parser#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use full SHAs for github action versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/594\"\u003eexpressjs/body-parser#594\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: type-is@^2.0.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/599\"\u003eexpressjs/body-parser#599\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/609\"\u003eexpressjs/body-parser#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/610\"\u003eexpressjs/body-parser#610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/611\"\u003eexpressjs/body-parser#611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/613\"\u003eexpressjs/body-parser#613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/612\"\u003eexpressjs/body-parser#612\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add codeql github workflows scanning by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/614\"\u003eexpressjs/body-parser#614\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update CodeQL config to ignore the test directory by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/615\"\u003eexpressjs/body-parser#615\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/620\"\u003eexpressjs/body-parser#620\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/619\"\u003eexpressjs/body-parser#619\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): unpin devDependencies by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/616\"\u003eexpressjs/body-parser#616\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/621\"\u003eexpressjs/body-parser#621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/623\"\u003eexpressjs/body-parser#623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/624\"\u003eexpressjs/body-parser#624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: add funding to package.json by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/617\"\u003eexpressjs/body-parser#617\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/625\"\u003eexpressjs/body-parser#625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/630\"\u003eexpressjs/body-parser#630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: move common request validation to read function by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/600\"\u003eexpressjs/body-parser#600\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump iconv-lite by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/631\"\u003eexpressjs/body-parser#631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: pull beta changelog forward into 2.0.0 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/629\"\u003eexpressjs/body-parser#629\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: optimize raw and text parsers with shared passthrough function by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/634\"\u003eexpressjs/body-parser#634\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/640\"\u003eexpressjs/body-parser#640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/639\"\u003eexpressjs/body-parser#639\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/636\"\u003eexpressjs/body-parser#636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/637\"\u003eexpressjs/body-parser#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/638\"\u003eexpressjs/body-parser#638\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: raw-body@^3.0.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/641\"\u003eexpressjs/body-parser#641\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/blob/master/HISTORY.md\"\u003ebody-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.2.2 / 2026-01-07\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@^6.14.1\u003c/li\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.2.1 / 2025-11-24\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4\"\u003eGHSA-wqch-xfxh-vrr4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps:\n\u003cul\u003e\n\u003cli\u003etype-is@^2.0.1\u003c/li\u003e\n\u003cli\u003eiconv-lite@^0.7.0\n\u003cul\u003e\n\u003cli\u003eHandle split surrogate pairs when encoding UTF-8\u003c/li\u003e\n\u003cli\u003eAvoid false positives in \u003ccode\u003eencodingExists\u003c/code\u003e by using prototype-less objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eraw-body@^3.0.1\u003c/li\u003e\n\u003cli\u003edebug@^4.4.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/3d248660b2e8b66732b232d7c758517fbf2420a6\"\u003e\u003ccode\u003e3d24866\u003c/code\u003e\u003c/a\u003e 2.2.2 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/691\"\u003e#691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/8474a984c3ba36a1b4328ce019833b99caa0f08f\"\u003e\u003ccode\u003e8474a98\u003c/code\u003e\u003c/a\u003e refactor(json): simplify strict mode error string construction (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/03f17c2538552a57e6be537afca8c7587bd40aaa\"\u003e\u003ccode\u003e03f17c2\u003c/code\u003e\u003c/a\u003e deps: qs@^6.14.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/689\"\u003e#689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/ea1f25e503c1b2f7ba6f8562724ae0fcd247fb75\"\u003e\u003ccode\u003eea1f25e\u003c/code\u003e\u003c/a\u003e docs: use standard jsdoc tags everywhere (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d7deef8ec61307fa28c22bc443cf8ed2f267945a\"\u003e\u003ccode\u003ed7deef8\u003c/code\u003e\u003c/a\u003e docs: update URL-encoded parser description to include ISO-8859-1 encoding su...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b6f52aabc65137c5227c8a462bddb761daeb96e7\"\u003e\u003ccode\u003eb6f52aa\u003c/code\u003e\u003c/a\u003e docs: release notes for the v1.20.4 release (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/2965ca4af4883109cb2f651f4ce12da310902a0c\"\u003e\u003ccode\u003e2965ca4\u003c/code\u003e\u003c/a\u003e docs: update links (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d96b63da8d7445de317736471633bac83ec76cbb\"\u003e\u003ccode\u003ed96b63d\u003c/code\u003e\u003c/a\u003e 2.2.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b204886a6744b0b6d297cd0e849d75de836f3b63\"\u003e\u003ccode\u003eb204886\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2025-13466\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/e20e3512e085c1162e8ffe36ac65c705a8017251\"\u003e\u003ccode\u003ee20e351\u003c/code\u003e\u003c/a\u003e feat: remove \u003ccode\u003ehistory.md\u003c/code\u003e from being packaged on publish (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/660\"\u003e#660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/body-parser/compare/v2.2.0...v2.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit...\n\n_Description has been truncated_\n\n---\n\n📦 This PR updates 18 npm dependencies across the MCP server use case, including major version bumps for the Model Context Protocol SDK (1.13.1 → 1.29.0), Cloudflare Agents (0.0.100 → 0.3.10), and several other core dependencies to their latest versions.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Model Context Protocol SDK**: Major update from 1.13.1 to 1.29.0 with bug fixes, security improvements, and new extension capabilities\n- **Cloudflare Agents**: Significant version jump from 0.0.100 to 0.3.10 introducing Workflows integration, secure email routing, and improved state management\n- **Development Tools**: Updated Wrangler (4.23.0 → 4.94.0) and Vitest pool workers (0.8.53 → 0.16.9) for better development experience\n- **Security Updates**: Multiple packages received security patches including AJV, body-parser, and PostCSS\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify 18 Outdated Dependencies]\n    B --\u003e C[Update Direct Dependencies]\n    B --\u003e D[Update Transitive Dependencies]\n    C --\u003e E[MCP SDK 1.29.0]\n    C --\u003e F[Agents 0.3.10]\n    C --\u003e G[Wrangler 4.94.0]\n    D --\u003e H[Security Patches]\n    D --\u003e I[Performance Improvements]\n    E --\u003e J[Enhanced MCP Features]\n    F --\u003e K[Workflows Integration]\n    G --\u003e L[Better Dev Experience]\n    H --\u003e M[CVE Fixes]\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs and security vulnerabilities in dependencies like AJV and body-parser\n- **Feature Expansion**: New MCP SDK capabilities and Cloudflare Workflows integration enable more sophisticated agent behaviors\n- **Developer Experience**: Updated Wrangler with QR code tunnel sharing and improved debugging capabilities\n- **Stability Improvements**: Bug fixes across the dependency chain improve overall application reliability\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/context-engineering-intro/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fcontext-engineering-intro/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4514939743","node_id":"PR_kwDOBTb13s7e8ECi","number":172,"state":"closed","title":"build(deps): bump the web-npm-minor-patch group in /web with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-31T09:58:53.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T06:55:49.000Z","updated_at":"2026-05-31T09:58:54.000Z","time_to_close":529384,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"web-npm-minor-patch","update_count":9,"packages":[{"name":"file-saver","old_version":"2.0.2","new_version":"2.0.5","repository_url":"https://github.com/eligrey/FileSaver.js"},{"name":"js-beautify","old_version":"1.10.2","new_version":"1.15.4","repository_url":"https://github.com/beautifier/js-beautify"},{"name":"rxjs-compat","old_version":"6.5.3","new_version":"6.6.7"},{"name":"underscore","old_version":"1.12.1","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"@types/underscore","old_version":"1.9.4","new_version":"1.13.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"zone.js","old_version":"0.8.29","new_version":"0.16.2","repository_url":"https://github.com/angular/angular"},{"name":"@types/text-encoding-utf-8","old_version":"1.0.1","new_version":"1.0.5","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"karma-chrome-launcher","old_version":"3.1.0","new_version":"3.2.0","repository_url":"https://github.com/karma-runner/karma-chrome-launcher"},{"name":"sass","old_version":"1.89.2","new_version":"1.100.0","repository_url":"https://github.com/sass/dart-sass"}],"path":"/web","ecosystem":"npm"},"body":"Bumps the web-npm-minor-patch group in /web with 9 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [file-saver](https://github.com/eligrey/FileSaver.js) | `2.0.2` | `2.0.5` |\n| [js-beautify](https://github.com/beautifier/js-beautify) | `1.10.2` | `1.15.4` |\n| rxjs-compat | `6.5.3` | `6.6.7` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.12.1` | `1.13.8` |\n| [@types/underscore](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/underscore) | `1.9.4` | `1.13.0` |\n| [zone.js](https://github.com/angular/angular/tree/HEAD/packages/zone.js) | `0.8.29` | `0.16.2` |\n| [@types/text-encoding-utf-8](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/text-encoding-utf-8) | `1.0.1` | `1.0.5` |\n| [karma-chrome-launcher](https://github.com/karma-runner/karma-chrome-launcher) | `3.1.0` | `3.2.0` |\n| [sass](https://github.com/sass/dart-sass) | `1.89.2` | `1.100.0` |\n\nUpdates `file-saver` from 2.0.2 to 2.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eligrey/FileSaver.js/releases\"\u003efile-saver's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.4\u003c/h2\u003e\n\u003cp\u003echanges how it detect safari\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eligrey/FileSaver.js/blob/master/CHANGELOG.md\"\u003efile-saver's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eligrey/FileSaver.js/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-beautify` from 1.10.2 to 1.15.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/beautifier/js-beautify/releases\"\u003ejs-beautify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.3 🌈\u003c/h2\u003e\n\u003cp\u003eDowngrade \u003ccode\u003eglob\u003c/code\u003e to v10.x for Node.js 18.x support\u003c/p\u003e\n\u003ch2\u003ev1.15.2 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.15.1 🌈\u003c/h2\u003e\n\u003ch2\u003eHOTFIX\u003c/h2\u003e\n\u003cp\u003eMerged \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2288\"\u003e#2288\u003c/a\u003e to beautifier.io dropping \u003ccode\u003epolyfill.io\u003c/code\u003e  usage.\u003c/p\u003e\n\u003ch2\u003ev1.15.0 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.11 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.9 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.8 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.6 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.5 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.3\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.2 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.0 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.12.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.11.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/beautifier/js-beautify/blob/main/CHANGELOG.md\"\u003ejs-beautify's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade nopt to v7.x to maintain Node.js v14 compatibility (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2358\"\u003e#2358\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix node 18 support by downgrading glob to v10 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2350\"\u003e#2350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch SNYK-JS-CROSSSPAWN-8303230 issue brought it through old glob package (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease wheels on pypi (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2313\"\u003e#2313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eModuleNotFoundError: No module named 'setuptools.command.test' as of latest setuptools package release (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2301\"\u003e#2301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python]Compatible with setuptools\u0026gt;=72 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2300\"\u003e#2300\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTurn new angular templating off by default in html (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2247\"\u003e#2247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePerf regression in latest release (1.15.0) (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2246\"\u003e#2246\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2219\"\u003e#2219\u003c/a\u003e - formatting of new Angular control flow syntax (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2221\"\u003e#2221\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEditor not working \u003ca href=\"https://beautifier.io/\"\u003ehttps://beautifier.io/\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2201\"\u003e#2201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet nodejs minimum to v14 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInvalid prettification of object with unicode escape character as object key (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2159\"\u003e#2159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003einvalid json being generated with wrap_line_length (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/1932\"\u003e#1932\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump semver and editorconfig (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2161\"\u003e#2161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate editorconfig package (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2160\"\u003e#2160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow to configure the \u0026quot;custom elements as inline elements\u0026quot; behavior (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2113\"\u003e#2113\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire nodejs v12 or greater (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2151\"\u003e#2151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCSS insideNonNestedAtRule generic variable  (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2147\"\u003e#2147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate dependencies (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2145\"\u003e#2145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI build (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2144\"\u003e#2144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2133\"\u003e#2133\u003c/a\u003e Theme Toggle on without_codemirror Mode (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2138\"\u003e#2138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003euse correct variable name (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2135\"\u003e#2135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: Fix a few typos (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for new record types (cont.) (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2118\"\u003e#2118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix - semicolon followed by block statement doesnt have new line (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2117\"\u003e#2117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix formatting related to the \u003c!-- raw HTML omitted --\u003e element (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eissue prettifying (function(){code();{code}})() (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/1852\"\u003e#1852\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDoc: Updates web browser implementation examples (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2107\"\u003e#2107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHTML formatter breaks layout by introducing newlines (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/1989\"\u003e#1989\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGlobs no longer work on Windows in 1.14.5 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/1eab9a1c5e360f375cd77cafc3921ec7558fb705\"\u003e\u003ccode\u003e1eab9a1\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/staging/main' into staging/release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/b8174edb90f0f6fe05372ba61b1fbaa1793af5c3\"\u003e\u003ccode\u003eb8174ed\u003c/code\u003e\u003c/a\u003e Bump version numbers for 1.15.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/0f0b61a18e348087e87c55dd77045f73a393a96f\"\u003e\u003ccode\u003e0f0b61a\u003c/code\u003e\u003c/a\u003e Update Changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/11faca4ea08aaf86f4b547a5b0cf9518592fd8c9\"\u003e\u003ccode\u003e11faca4\u003c/code\u003e\u003c/a\u003e Downgrade nopt to maintain nodejs 14 support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/53bf08942f6dd2f502585ac459c3d98937a0476b\"\u003e\u003ccode\u003e53bf089\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2353\"\u003e#2353\u003c/a\u003e from beautifier/staging/release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/bc8ce4b436d8a42ae8ee0d1da05bdb64fbaad684\"\u003e\u003ccode\u003ebc8ce4b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2352\"\u003e#2352\u003c/a\u003e from beautifier/staging/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/78748ead003a548236f4e106cc66b4df829b7e21\"\u003e\u003ccode\u003e78748ea\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/staging/main' into staging/release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/f37ab9177821df250b1794ddac3f1bcc2a99eaab\"\u003e\u003ccode\u003ef37ab91\u003c/code\u003e\u003c/a\u003e Bump version numbers for 1.15.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/aaeb85b78864f91accae112b325769724e295acd\"\u003e\u003ccode\u003eaaeb85b\u003c/code\u003e\u003c/a\u003e Update Changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/dc9880bc5c376d6371c181824acb5e9b93a26073\"\u003e\u003ccode\u003edc9880b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2350\"\u003e#2350\u003c/a\u003e from weiwei/fix-node-dep\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/beautifier/js-beautify/compare/v1.10.2...v1.15.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rxjs-compat` from 6.5.3 to 6.6.7\n\nUpdates `underscore` from 1.12.1 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.12.1...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/underscore` from 1.9.4 to 1.13.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/underscore\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zone.js` from 0.8.29 to 0.16.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/angular/angular/blob/main/packages/zone.js/CHANGELOG.md\"\u003ezone.js's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e0.16.2 (2026-05-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(zone.js): support vitest patching in zone.js/testing (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/68395\"\u003e#68395\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/62c6e3b\"\u003e62c6e3b\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/68395\"\u003e#68395\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/68395\"\u003e#68395\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(zone.js): allow draining microtasks in \u003ccode\u003ePromise.then\u003c/code\u003e (through flag) (\u003ca href=\"https://github.com/angular/angular/commit/fc6a7ee\"\u003efc6a7ee\u003c/a\u003e), closes \u003ca href=\"https://github.com/angular/issues/45273\"\u003eangular#45273\u003c/a\u003e \u003ca href=\"https://github.com/angular/issues/44446\"\u003eangular#44446\u003c/a\u003e \u003ca href=\"https://github.com/angular/issues/55590\"\u003eangular#55590\u003c/a\u003e \u003ca href=\"https://github.com/angular/issues/51328\"\u003eangular#51328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e0.16.1 (2026-02-18)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(zone.js): support passthrough of Promise.try API (\u003ca href=\"https://github.com/angular/angular/commit/fc557f0\"\u003efc557f0\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/67057\"\u003e#67057\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e0.16.0 (2025-11-19)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(zone.js): Support jasmine v6 (\u003ca href=\"https://github.com/angular/angular/commit/48abe00\"\u003e48abe00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(zone.js): waitForAsync should pass args to the test function (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/61755\"\u003e#61755\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/3c216c1\"\u003e3c216c1\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/61755\"\u003e#61755\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/61717\"\u003e#61717\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/61755\"\u003e#61755\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): Add internal implementation for auto ticking fakeAsync (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/62135\"\u003e#62135\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/0a827f9\"\u003e0a827f9\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/62135\"\u003e#62135\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/62135\"\u003e#62135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): Improve missing proxy zone error for jest imported (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/64497\"\u003e#64497\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/ced2fa5\"\u003eced2fa5\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/64497\"\u003e#64497\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/47603\"\u003e#47603\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/64497\"\u003e#64497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): remove legacy browser support (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/63511\"\u003e#63511\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/2e46596\"\u003e2e46596\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/63511\"\u003e#63511\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/63511\"\u003e#63511\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): remove unused jasmine globalerror monkey patching. (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/63077\"\u003e#63077\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/9aef481\"\u003e9aef481\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/63077\"\u003e#63077\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/63072\"\u003e#63072\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/63077\"\u003e#63077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(zone.js): refactor tests to remove usage of shelljs (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/64042\"\u003e#64042\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/422a3b9\"\u003e422a3b9\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/64042\"\u003e#64042\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/64042\"\u003e#64042\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBREAKING CHANGE\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIE/Non-Chromium Edge are not supported anymore.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/angular/angular/compare/zone.js-0.15.0...zone.js-0.15.1\"\u003e0.15.1\u003c/a\u003e (2025-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e classes that extend Error should retain cause property (\u003ca href=\"https://redirect.github.com/angular/angular/issues/61599\"\u003e#61599\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/ad8931cb4968b2bd25b05dcd3d856ec32e4d7145\"\u003ead8931c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e more robust check for promise-like objects (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57388\"\u003e#57388\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/e608e6cfbbc9fba7c74bfef72f102a502e951e6c\"\u003ee608e6c\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/57385\"\u003e#57385\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e remove \u003ccode\u003eabort\u003c/code\u003e listener once fetch is settled (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57882\"\u003e#57882\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/69763491c3ffb576822b179af3363ec666d43bce\"\u003e6976349\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/angular/angular/compare/zone.js-0.14.10...zone.js-0.15.0\"\u003e0.15.0\u003c/a\u003e (2024-08-15)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e Add support for addition jest functions. (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57280\"\u003e#57280\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/e1240c6f5d9a3d68ccef7ffbf0a0646ad1164cd8\"\u003ee1240c6\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/57277\"\u003e#57277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e Update the default behavior of fakeAsync to flush after the test (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57240\"\u003e#57240\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/70e8b40750e894bc1439713cd508d8bd9fafb7a4\"\u003e70e8b40\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e \u003ccode\u003efakeAsync\u003c/code\u003e will now flush pending timers at the end of\nthe given function by default. To opt-out of this, you can use \u003ccode\u003e{flush: false}\u003c/code\u003e in options parameter of \u003ccode\u003efakeAsync\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/angular/angular/compare/zone.js-0.14.8...zone.js-0.14.10\"\u003e0.14.10\u003c/a\u003e (2024-08-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/angular/angular/commits/zone.js-0.16.2/packages/zone.js\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~google-wombot\"\u003egoogle-wombot\u003c/a\u003e, a new releaser for zone.js since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/text-encoding-utf-8` from 1.0.1 to 1.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/text-encoding-utf-8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/underscore` from 1.9.4 to 1.13.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/underscore\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `karma-chrome-launcher` from 3.1.0 to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/releases\"\u003ekarma-chrome-launcher's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.1...v3.2.0\"\u003e3.2.0\u003c/a\u003e (2023-04-20)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd process.env.ProgramW6432 as root location for binaries (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/12a73dba261c78fdba4aff4dbb741ac87adfed01\"\u003e12a73db\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.0...v3.1.1\"\u003e3.1.1\u003c/a\u003e (2022-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eartificially trigger a release (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/83fdc3ca5666374c677408ed0589e66b1124bec4\"\u003e83fdc3c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/blob/master/CHANGELOG.md\"\u003ekarma-chrome-launcher's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.1...v3.2.0\"\u003e3.2.0\u003c/a\u003e (2023-04-20)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd process.env.ProgramW6432 as root location for binaries (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/12a73dba261c78fdba4aff4dbb741ac87adfed01\"\u003e12a73db\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.0...v3.1.1\"\u003e3.1.1\u003c/a\u003e (2022-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eartificially trigger a release (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/83fdc3ca5666374c677408ed0589e66b1124bec4\"\u003e83fdc3c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/e92a2b4c19d43fe47a3322a31f72d2a5bfcf77b0\"\u003e\u003ccode\u003ee92a2b4\u003c/code\u003e\u003c/a\u003e chore(release): 3.2.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/12a73dba261c78fdba4aff4dbb741ac87adfed01\"\u003e\u003ccode\u003e12a73db\u003c/code\u003e\u003c/a\u003e feat: add process.env.ProgramW6432 as root location for binaries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/d193ef328ed9cb6474b59137e106cf67319f5262\"\u003e\u003ccode\u003ed193ef3\u003c/code\u003e\u003c/a\u003e build(deps): bump semver-regex from 3.1.3 to 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/d1c05e372a4c3f1c784257f4127bab1ff0460afe\"\u003e\u003ccode\u003ed1c05e3\u003c/code\u003e\u003c/a\u003e build(deps): bump engine.io and karma\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/3f0cd9985703fae99d123530600c248f0df9209a\"\u003e\u003ccode\u003e3f0cd99\u003c/code\u003e\u003c/a\u003e build(deps): bump qs and body-parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/5f3cbb1df8a95ab212c8dbb8ff1f03efbaf9a3c6\"\u003e\u003ccode\u003e5f3cbb1\u003c/code\u003e\u003c/a\u003e chore(release): 3.1.1 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/83fdc3ca5666374c677408ed0589e66b1124bec4\"\u003e\u003ccode\u003e83fdc3c\u003c/code\u003e\u003c/a\u003e fix: artificially trigger a release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/4dc0bd282c9a20e8ebdbbb0b636816959f498195\"\u003e\u003ccode\u003e4dc0bd2\u003c/code\u003e\u003c/a\u003e docs: fix Karma's url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/5400b23199c682bc6bc00739fd6a8d9f6c520bed\"\u003e\u003ccode\u003e5400b23\u003c/code\u003e\u003c/a\u003e docs: explain testing, linting and commit linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/d2ad8c69f7f88e479ac6b40e4e699232d8a675c3\"\u003e\u003ccode\u003ed2ad8c6\u003c/code\u003e\u003c/a\u003e build: disallow \u003ccode\u003echore\u003c/code\u003e type commits\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.0...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sass` from 1.89.2 to 1.100.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sass/dart-sass/releases\"\u003esass's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDart Sass 1.100.0\u003c/h2\u003e\n\u003cp\u003eTo install Sass 1.100.0, download one of the packages below and \u003ca href=\"https://katiek2.github.io/path-doc/\"\u003eadd it to your PATH\u003c/a\u003e, or see \u003ca href=\"https://sass-lang.com/install\"\u003ethe Sass website\u003c/a\u003e for full installation instructions.\u003c/p\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eWriting two compound selectors adjacent to one another without any whitespace between them, such as \u003ccode\u003e[class]a\u003c/code\u003e, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/adjacent-compounds\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#11000\"\u003efull changelog\u003c/a\u003e for changes in earlier releases.\u003c/p\u003e\n\u003ch2\u003eDart Sass 1.99.0\u003c/h2\u003e\n\u003cp\u003eTo install Sass 1.99.0, download one of the packages below and \u003ca href=\"https://katiek2.github.io/path-doc/\"\u003eadd it to your PATH\u003c/a\u003e, or see \u003ca href=\"https://sass-lang.com/install\"\u003ethe Sass website\u003c/a\u003e for full installation instructions.\u003c/p\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for parent selectors (\u003ccode\u003e\u0026amp;\u003c/code\u003e) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Selectors/Nesting_selector#using_outside_nested_rule\"\u003ethe scoping root\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003ecalc\u003c/code\u003e or \u003ccode\u003eclamp\u003c/code\u003e are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in \u003ccode\u003ecalc()\u003c/code\u003e or \u003ccode\u003eclamp()\u003c/code\u003e function.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-expression\u003c/code\u003e, \u003ccode\u003e-url\u003c/code\u003e, \u003ccode\u003e-and\u003c/code\u003e, \u003ccode\u003e-or\u003c/code\u003e, or \u003ccode\u003e-not\u003c/code\u003e are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003eEXPRESSION\u003c/code\u003e, \u003ccode\u003eURL\u003c/code\u003e, and \u003ccode\u003eELEMENT\u003c/code\u003e, those that begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-ELEMENT\u003c/code\u003e, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn a future release, calls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-expression\u003c/code\u003e and \u003ccode\u003e-url\u003c/code\u003e will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCalls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-progid:...\u003c/code\u003e are deprecated.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1990\"\u003efull changelog\u003c/a\u003e for changes in earlier releases.\u003c/p\u003e\n\u003ch2\u003eDart Sass 1.98.0\u003c/h2\u003e\n\u003cp\u003eTo install Sass 1.98.0, download one of the packages below and \u003ca href=\"https://katiek2.github.io/path-doc/\"\u003eadd it to your PATH\u003c/a\u003e, or see \u003ca href=\"https://sass-lang.com/install\"\u003ethe Sass website\u003c/a\u003e for full installation instructions.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sass/dart-sass/blob/main/CHANGELOG.md\"\u003esass's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.100.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eWriting two compound selectors adjacent to one another without any whitespace\nbetween them, such as \u003ccode\u003e[class]a\u003c/code\u003e, is now deprecated. This was always an error\nin CSS and Sass only supported it by mistake.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/adjacent-compounds\"\u003ethe Sass website\u003c/a\u003e for\ndetails.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.99.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for parent selectors (\u003ccode\u003e\u0026amp;\u003c/code\u003e) at the root of the document. These are\nemitted as-is in the CSS output, where they're interpreted as \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Selectors/Nesting_selector#using_outside_nested_rule\"\u003ethe scoping\nroot\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003ecalc\u003c/code\u003e or \u003ccode\u003eclamp\u003c/code\u003e are no longer forbidden. If\nsuch a function exists without a namespace in the current module, it will be\nused instead of the built-in \u003ccode\u003ecalc()\u003c/code\u003e or \u003ccode\u003eclamp()\u003c/code\u003e function.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-expression\u003c/code\u003e,\n\u003ccode\u003e-url\u003c/code\u003e, \u003ccode\u003e-and\u003c/code\u003e, \u003ccode\u003e-or\u003c/code\u003e, or \u003ccode\u003e-not\u003c/code\u003e are no longer forbidden. These were\noriginally intended to match vendor prefixes, but in practice no vendor\nprefixes for these functions ever existed in real browsers.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003eEXPRESSION\u003c/code\u003e, \u003ccode\u003eURL\u003c/code\u003e, and \u003ccode\u003eELEMENT\u003c/code\u003e, those that\nbegin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-ELEMENT\u003c/code\u003e, as well as the same names with some\nlowercase letters are now deprecated, These are names conflict with plain CSS\nfunctions that have special syntax.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn a future release, calls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end\nwith \u003ccode\u003e-expression\u003c/code\u003e and \u003ccode\u003e-url\u003c/code\u003e will no longer have special parsing. For now,\nthese calls are deprecated if their behavior will change in the future.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCalls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-progid:...\u003c/code\u003e are\ndeprecated.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.98.0\u003c/h2\u003e\n\u003ch3\u003eCommand-Line Interface\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGracefully handle dependency loops in \u003ccode\u003e--watch\u003c/code\u003e mode.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/5fd18c75e31a855476059fb6fb0c6aa829292739\"\u003e\u003ccode\u003e5fd18c7\u003c/code\u003e\u003c/a\u003e Bump node engine requirement to \u0026gt;=20.19.0 and chokidar requirement to ^5.0.0 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/8c1d984e420d891c9c92ba1afc8b28e70a2afb78\"\u003e\u003ccode\u003e8c1d984\u003c/code\u003e\u003c/a\u003e Deprecate adjacent compound selectors (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2765\"\u003e#2765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/8e5f7180b4f3de4281d3454090548c03e9db8135\"\u003e\u003ccode\u003e8e5f718\u003c/code\u003e\u003c/a\u003e Bump postcss from 8.5.12 to 8.5.13 in /pkg/sass-parser (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2767\"\u003e#2767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/1447f9b42e89d693ce308bad9cbf8ec3e1db78c4\"\u003e\u003ccode\u003e1447f9b\u003c/code\u003e\u003c/a\u003e Bump postcss from 8.5.8 to 8.5.12 in /pkg/sass-parser (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2766\"\u003e#2766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/83c39fec93ab0dc183a46cff2bc468999ce53e20\"\u003e\u003ccode\u003e83c39fe\u003c/code\u003e\u003c/a\u003e Support the top-level parent selector (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2758\"\u003e#2758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/ec85871864ca16f8045e66ad329bd462e791bfa1\"\u003e\u003ccode\u003eec85871\u003c/code\u003e\u003c/a\u003e Bump EndBug/add-and-commit from 9 to 10 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2756\"\u003e#2756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/a604acd19ad2ce31ef2efe9aa5950b0c5fcc74a9\"\u003e\u003ccode\u003ea604acd\u003c/code\u003e\u003c/a\u003e [Function Name] Implement changes (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2731\"\u003e#2731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/5a81ae3348caab2131ee08c8c0141337420372b5\"\u003e\u003ccode\u003e5a81ae3\u003c/code\u003e\u003c/a\u003e Bump version to 1.98.0 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2754\"\u003e#2754\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/e25e71ddd86b29b6a91f189a1211656081d1932a\"\u003e\u003ccode\u003ee25e71d\u003c/code\u003e\u003c/a\u003e Update immutable to v5.1.5 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2753\"\u003e#2753\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/43fac1a989ce2a9ee66d95d99f739881462ee3a8\"\u003e\u003ccode\u003e43fac1a\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2747\"\u003e#2747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sass/dart-sass/compare/1.89.2...1.100.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for sass since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/elkozmon/zoonavigator/pull/172","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/elkozmon%2Fzoonavigator/issues/172","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/172/packages"},{"uuid":"4510430553","node_id":"PR_kwDON6Mqlc7euZmm","number":7,"state":"open","title":"Bump the npm_and_yarn group across 19 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T03:59:46.000Z","updated_at":"2026-05-24T04:03:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":16,"packages":[{"name":"bn.js","old_version":"4.11.9","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"underscore","old_version":"1.9.1","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"uuid","old_version":"3.3.2","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"axios","old_version":"0.21.1","new_version":"0.31.1","repository_url":"https://github.com/axios/axios"},{"name":"minimist","old_version":"1.2.5","new_version":"1.2.8","repository_url":"https://github.com/minimistjs/minimist"},{"name":"decode-uri-component","old_version":"0.2.0","new_version":"0.2.2","repository_url":"https://github.com/SamVerschueren/decode-uri-component"},{"name":"tmp","old_version":"0.0.33","new_version":"0.2.5","repository_url":"https://github.com/raszi/node-tmp"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"json-schema","old_version":"0.2.3","new_version":"0.4.0","repository_url":"https://github.com/kriszyp/json-schema"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [uuid](https://github.com/uuidjs/uuid) | `3.3.2` | `14.0.0` |\n| [axios](https://github.com/axios/axios) | `0.21.1` | `0.31.1` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.0.33` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n\nBumps the npm_and_yarn group with 5 updates in the /packages/web3 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/web3-bzz directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [simple-get](https://github.com/feross/simple-get) | `2.8.1` | `2.8.2` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-core-helpers directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.6` | `removed` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-core-subscriptions directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-eth directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-eth-abi directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-eth-ens directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-eth-iban directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 5 updates in the /packages/web3-eth-personal directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-eth2-beaconchain directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ansi-regex](https://github.com/chalk/ansi-regex) | `5.0.0` | `5.0.1` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.5` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [form-data](https://github.com/form-data/form-data) | `2.3.3` | `3.0.4` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 8 updates in the /packages/web3-eth2-core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.1` | `0.31.1` |\n| [ansi-regex](https://github.com/chalk/ansi-regex) | `5.0.0` | `5.0.1` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.5` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [form-data](https://github.com/form-data/form-data) | `2.3.3` | `3.0.4` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-net directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-providers-http directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-providers-ipc directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-providers-ws directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 5 updates in the /packages/web3-shh directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/web3-utils directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [simple-get](https://github.com/feross/simple-get) | `2.8.1` | `2.8.2` |\n\n\nUpdates `bn.js` from 4.11.9 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/39fe4389c773327ed15f29f77f8b7dbbff4beb4c\"\u003e\u003ccode\u003e39fe438\u003c/code\u003e\u003c/a\u003e 4.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6\"\u003e\u003ccode\u003e67ecb35\u003c/code\u003e\u003c/a\u003e backport(4.x): fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c4098bac2470418f8e0f6bf11fe0cb676a2b9047\"\u003e\u003ccode\u003ec4098ba\u003c/code\u003e\u003c/a\u003e 4.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6277fd705e51edae1c404c65f03ba2e512706945\"\u003e\u003ccode\u003e6277fd7\u003c/code\u003e\u003c/a\u003e backport(4.x): Fix imuln/muln with zero (backport of \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ac0d4afaae91701815b9edc19789e44e7690d688\"\u003e\u003ccode\u003eac0d4af\u003c/code\u003e\u003c/a\u003e 4.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/a5f14b43ec61bc7cafc6de2e7444913b9f581b00\"\u003e\u003ccode\u003ea5f14b4\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/0cd2661b9d08512263c940662586042ef8aaccc6\"\u003e\u003ccode\u003e0cd2661\u003c/code\u003e\u003c/a\u003e Remove package-lock.json added by npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/84ae31344a557abb78ddabe3bac923b7503e4fb5\"\u003e\u003ccode\u003e84ae313\u003c/code\u003e\u003c/a\u003e 4.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/967ed0a50a9400bbbd83b450550cf37f7fa178b9\"\u003e\u003ccode\u003e967ed0a\u003c/code\u003e\u003c/a\u003e fix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/61962320d7907a1a4d03a665782cb2733160c907\"\u003e\u003ccode\u003e6196232\u003c/code\u003e\u003c/a\u003e Fix LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.11.9...v4.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.9.1 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.9.1...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jgonggrijp\"\u003ejgonggrijp\u003c/a\u003e, a new releaser for underscore since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 3.3.2 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v3.3.2...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 0.21.1 to 0.31.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.31.1\u003c/h2\u003e\n\u003cp\u003eThis release backports a broad set of security hardenings from the v1 line — covering prototype-pollution defences, stream size enforcement, XSRF handling, URL null-byte encoding, and bounded FormData recursion — and drops committed \u003ccode\u003edist/\u003c/code\u003e artefacts along with Bower support.\u003c/p\u003e\n\u003ch2\u003e⚠️ Breaking Changes \u0026amp; Deprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBower \u0026amp; Committed \u003ccode\u003edist/\u003c/code\u003e Removed:\u003c/strong\u003e \u003ccode\u003edist/\u003c/code\u003e bundles are no longer committed to the repo, and \u003ccode\u003ebower.json\u003c/code\u003e plus the Grunt \u003ccode\u003epackage2bower\u003c/code\u003e task have been removed. CI still builds bundles before publish, so npm/yarn/pnpm consumers are unaffected; installs via Bower or directly from the git tree must migrate to npm or a CDN. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10747\"\u003e#10747\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Header Merge (GHSA-6chq-wfr3-2hj9):\u003c/strong\u003e Tightened \u003ccode\u003eisFormData\u003c/code\u003e to reject plain/null-prototype objects and require \u003ccode\u003eappend\u003c/code\u003e, and guarded the Node HTTP adapter so \u003ccode\u003edata.getHeaders()\u003c/code\u003e is only merged when it is not inherited from \u003ccode\u003eObject.prototype\u003c/code\u003e. Blocks injected headers via polluted \u003ccode\u003egetHeaders\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10750\"\u003e#10750\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Config Merging (GHSA-pf86-5x62-jrwf):\u003c/strong\u003e \u003ccode\u003emergeConfig\u003c/code\u003e, defaults resolution, and the HTTP adapter now uses own-property checks for \u003ccode\u003etransport\u003c/code\u003e, \u003ccode\u003eenv\u003c/code\u003e, \u003ccode\u003eBlob\u003c/code\u003e, \u003ccode\u003eformSerializer\u003c/code\u003e, and transforms arrays, and merged configs are returned as null-prototype objects. Prevents hijacking of the request flow through polluted prototypes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10752\"\u003e#10752\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFormData / Params Recursion DoS:\u003c/strong\u003e Added a configurable \u003ccode\u003emaxDepth\u003c/code\u003e (default \u003ccode\u003e100\u003c/code\u003e, \u003ccode\u003eInfinity\u003c/code\u003e disables) to \u003ccode\u003etoFormData\u003c/code\u003e and params serialisation, throwing \u003ccode\u003eAxiosError\u003c/code\u003e with code \u003ccode\u003eERR_FORM_DATA_DEPTH_EXCEEDED\u003c/code\u003e when exceeded. Circular-reference detection is preserved. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10728\"\u003e#10728\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNull-Byte Injection in Query Strings:\u003c/strong\u003e Removed the unsafe \u003ccode\u003e%00\u003c/code\u003e → null-byte substitution from \u003ccode\u003eAxiosURLSearchParams.encode\u003c/code\u003e so \u003ccode\u003e%00\u003c/code\u003e is preserved as-is. Other encoding behaviour (including \u003ccode\u003e%20\u003c/code\u003e → \u003ccode\u003e+\u003c/code\u003e) unchanged. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10737\"\u003e#10737\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConsolidated v1 Security Backport:\u003c/strong\u003e Rolls up remaining v1 hardenings into \u003ccode\u003ev0.x\u003c/code\u003e: \u003ccode\u003emaxContentLength\u003c/code\u003e enforcement for \u003ccode\u003eresponseType: 'stream'\u003c/code\u003e via a guarded transform with deferred piping, \u003ccode\u003emaxBodyLength\u003c/code\u003e enforcement for streamed uploads on native \u003ccode\u003ehttp\u003c/code\u003e/\u003ccode\u003ehttps\u003c/code\u003e with \u003ccode\u003emaxRedirects: 0\u003c/code\u003e, and stricter \u003ccode\u003ewithXSRFToken\u003c/code\u003e handling so only own boolean \u003ccode\u003etrue\u003c/code\u003e enables cross-origin XSRF headers. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10764\"\u003e#10764\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCODEOWNERS:\u003c/strong\u003e Added \u003ccode\u003e.github/CODEOWNERS\u003c/code\u003e with \u003ccode\u003e* @jasonsaayman\u003c/code\u003e to set a default reviewer for all paths. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10740\"\u003e#10740\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.31.0...v0.31.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.31.0\u003c/h2\u003e\n\u003cp\u003eThis release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and \u003ccode\u003ezizmor\u003c/code\u003e scanning, resolves TypeScript typing issues in \u003ccode\u003eAxiosInstance\u003c/code\u003e, and fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection \u0026amp; Proxy Bypass:\u003c/strong\u003e Backports v1 security hardening — sanitizes outgoing header values to strip invalid bytes, CRLF sequences, and boundary whitespace (including array values); adds proper \u003ccode\u003eNO_PROXY\u003c/code\u003e/\u003ccode\u003eno_proxy\u003c/code\u003e enforcement covering wildcards, explicit ports, loopback aliases (\u003ccode\u003elocalhost\u003c/code\u003e, \u003ccode\u003e127.0.0.1\u003c/code\u003e, \u003ccode\u003e::1\u003c/code\u003e), bracketed IPv6, and trailing-dot hostnames. Proxy bypass is now checked before the proxy URL is parsed, and \u003ccode\u003eparsed.host\u003c/code\u003e is used for correct port and IPv6 handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10688\"\u003e#10688\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCI Security:\u003c/strong\u003e SHA-pins all actions and disables credential persistence in v0.x CI, introduces \u003ccode\u003ezizmor\u003c/code\u003e security scanning with SARIF upload to code scanning, adds an OIDC Trusted Publishing workflow with npm provenance attestations, and gates all publishes behind a required \u003ccode\u003enpm-publish\u003c/code\u003e GitHub Environment with configurable reviewer protections. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10638\"\u003e#10638\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10639\"\u003e#10639\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10667\"\u003e#10667\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eTypeScript — \u003ccode\u003eAxiosInstance\u003c/code\u003e Return Types:\u003c/strong\u003e Fixes return types in \u003ccode\u003eAxiosInstance\u003c/code\u003e methods to correctly resolve to \u003ccode\u003ePromise\u0026lt;R\u0026gt;\u003c/code\u003e (matching \u003ccode\u003eAxiosPromise\u0026lt;T\u0026gt;\u003c/code\u003e semantics), and corrects the generic call signature so TypeScript properly enforces the response data type. TypeScript-only changes; no runtime impact. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6253\"\u003e#6253\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7328\"\u003e#7328\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance:\u003c/strong\u003e Fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e that caused excessive computation when the argument was a large string. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6484\"\u003e#6484\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eVersioning \u0026amp; CI Workflow:\u003c/strong\u003e Adds an automated versioning flow for v0.x, renames the CI workflow for consistency with the v1.x naming convention, and corrects the branch name reference in CI config. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10690\"\u003e#10690\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10691\"\u003e#10691\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10692\"\u003e#10692\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/nakataki17\"\u003e\u003ccode\u003e@​nakataki17\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6253\"\u003e#6253\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/gmasclet\"\u003e\u003ccode\u003e@​gmasclet\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6484\"\u003e#6484\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10638\"\u003e#10638\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10639\"\u003e#10639\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10667\"\u003e#10667\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ivan-churakov\"\u003e\u003ccode\u003e@​ivan-churakov\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7328\"\u003e#7328\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.30.3...v0.31.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/a589dc525af12e0fabef7d6e5be028ad433eee31\"\u003e\u003ccode\u003ea589dc5\u003c/code\u003e\u003c/a\u003e chore: bump version to v0.31.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10766\"\u003e#10766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b0c632f36a5ea2e73c9bdf3a54164a8ede925736\"\u003e\u003ccode\u003eb0c632f\u003c/code\u003e\u003c/a\u003e fix: backport security issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10764\"\u003e#10764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b52187f4571b6b8663fed5904e3082ab30660364\"\u003e\u003ccode\u003eb52187f\u003c/code\u003e\u003c/a\u003e fix: harden config merging (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10752\"\u003e#10752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e3ddeb40f6a142a234925341151e2ca631a6de64\"\u003e\u003ccode\u003ee3ddeb4\u003c/code\u003e\u003c/a\u003e fix: header security issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10750\"\u003e#10750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f4f2d76e25cc0f777e5416e2d76282ab873ef9dc\"\u003e\u003ccode\u003ef4f2d76\u003c/code\u003e\u003c/a\u003e chore: stop committing dist/ and remove bower (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10747\"\u003e#10747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1f2f64433e5be205d74471c78c2721909282b9c0\"\u003e\u003ccode\u003e1f2f644\u003c/code\u003e\u003c/a\u003e chore: add CODEOWNERS (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10740\"\u003e#10740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44bca902e1bdd7dd6490c7b4985b63e729b0e634\"\u003e\u003ccode\u003e44bca90\u003c/code\u003e\u003c/a\u003e fix: improve regex in AxiosURLSearchParams (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10737\"\u003e#10737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4c4f07fabdb005f5430bab797f12b55e2ed5fb33\"\u003e\u003ccode\u003e4c4f07f\u003c/code\u003e\u003c/a\u003e fix: form data recursion (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10728\"\u003e#10728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5073eca0edd37b13a0e39dcb48794d779b7dff8d\"\u003e\u003ccode\u003e5073eca\u003c/code\u003e\u003c/a\u003e chore: release v0.31.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10697\"\u003e#10697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b57eb1a93214c9d6840035add0cc705fa9d6d697\"\u003e\u003ccode\u003eb57eb1a\u003c/code\u003e\u003c/a\u003e ci: update branch name (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10692\"\u003e#10692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v0.21.1...v0.31.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimist` from 1.2.5 to 1.2.8\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md\"\u003eminimist's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.7...v1.2.8\"\u003ev1.2.8\u003c/a\u003e - 2023-02-09\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/17\"\u003e\u003ccode\u003e[#17](https://github.com/minimistjs/minimist/issues/17)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/12\"\u003e\u003ccode\u003e[#12](https://github.com/minimistjs/minimist/issues/12)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/10\"\u003e\u003ccode\u003e[#10](https://github.com/minimistjs/minimist/issues/10)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/17\"\u003e#17\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/15\"\u003e\u003ccode\u003e[#15](https://github.com/minimistjs/minimist/issues/15)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/12\"\u003e#12\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/8\"\u003e\u003ccode\u003e[#8](https://github.com/minimistjs/minimist/issues/8)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/15\"\u003e\u003ccode\u003e[#15](https://github.com/minimistjs/minimist/issues/15)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/10\"\u003e#10\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/9\"\u003e\u003ccode\u003e[#9](https://github.com/minimistjs/minimist/issues/9)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Fix handling of short option with non-trivial equals \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/5\"\u003e\u003ccode\u003e[#5](https://github.com/minimistjs/minimist/issues/5)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/8\"\u003e\u003ccode\u003e[#8](https://github.com/minimistjs/minimist/issues/8)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/9\"\u003e\u003ccode\u003e[#9](https://github.com/minimistjs/minimist/issues/9)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMerge tag 'v0.2.3' \u003ca href=\"https://github.com/minimistjs/minimist/commit/a0267947c7870fc5847cf2d437fbe33f392767da\"\u003e\u003ccode\u003ea026794\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] fix indentation and whitespace \u003ca href=\"https://github.com/minimistjs/minimist/commit/5368ca4147e974138a54cc0dc4cea8f756546b70\"\u003e\u003ccode\u003e5368ca4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] fix indentation and whitespace \u003ca href=\"https://github.com/minimistjs/minimist/commit/e5f5067259ceeaf0b098d14bec910f87e58708c7\"\u003e\u003ccode\u003ee5f5067\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] more cleanup \u003ca href=\"https://github.com/minimistjs/minimist/commit/62fde7d935f83417fb046741531a9e2346a36976\"\u003e\u003ccode\u003e62fde7d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] more cleanup \u003ca href=\"https://github.com/minimistjs/minimist/commit/36ac5d0d95e4947d074e5737d94814034ca335d1\"\u003e\u003ccode\u003e36ac5d0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/73923d223553fca08b1ba77e3fbc2a492862ae4c\"\u003e\u003ccode\u003e73923d2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[actions] add reusable workflows \u003ca href=\"https://github.com/minimistjs/minimist/commit/d80727df77bfa9e631044d7f16368d8f09242c91\"\u003e\u003ccode\u003ed80727d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] add eslint; rules to enable later are warnings \u003ca href=\"https://github.com/minimistjs/minimist/commit/48bc06a1b41f00e9cdf183db34f7a51ba70e98d4\"\u003e\u003ccode\u003e48bc06a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] fix indentation \u003ca href=\"https://github.com/minimistjs/minimist/commit/34b0f1ccaa45183c3c4f06a91f9b405180a6f982\"\u003e\u003ccode\u003e34b0f1c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] rename and add badges \u003ca href=\"https://github.com/minimistjs/minimist/commit/5df0fe49211bd09a3636f8686a7cb3012c3e98f0\"\u003e\u003ccode\u003e5df0fe4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] switch from \u003ccode\u003ecovert\u003c/code\u003e to \u003ccode\u003enyc\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/a48b128fdb8d427dfb20a15273f83e38d97bef07\"\u003e\u003ccode\u003ea48b128\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ecovert\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e; remove unnecessary \u003ccode\u003etap\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/f0fb958e9a1fe980cdffc436a211b0bda58f621b\"\u003e\u003ccode\u003ef0fb958\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] create FUNDING.yml; add \u003ccode\u003efunding\u003c/code\u003e in package.json \u003ca href=\"https://github.com/minimistjs/minimist/commit/3639e0c819359a366387e425ab6eabf4c78d3caa\"\u003e\u003ccode\u003e3639e0c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] use \u003ccode\u003enpmignore\u003c/code\u003e to autogenerate an npmignore file \u003ca href=\"https://github.com/minimistjs/minimist/commit/be2e038c342d8333b32f0fde67a0026b79c8150e\"\u003e\u003ccode\u003ebe2e038\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/minimistjs/minimist/commit/282b570e7489d01b03f2d6d3dabf79cd3e5f84cf\"\u003e\u003ccode\u003e282b570\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eisConstructorOrProto adapted from PR \u003ca href=\"https://github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11\"\u003e\u003ccode\u003eef9153f\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eaud\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/098873c213cdb7c92e55ae1ef5aa1af3a8192a79\"\u003e\u003ccode\u003e098873c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eaud\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/3124ed3e46306301ebb3c834874ce0241555c2c4\"\u003e\u003ccode\u003e3124ed3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/4b927de696d561c636b4f43bf49d4597cb36d6d6\"\u003e\u003ccode\u003e4b927de\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add \u003ccode\u003eaud\u003c/code\u003e in \u003ccode\u003eposttest\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/b32d9bd0ab340f4e9f8c3a97ff2a4424f25fab8c\"\u003e\u003ccode\u003eb32d9bd\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] update repo URLs \u003ca href=\"https://github.com/minimistjs/minimist/commit/f9fdfc032c54884d9a9996a390c63cd0719bbe1a\"\u003e\u003ccode\u003ef9fdfc0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[actions] Avoid 0.6 tests due to build failures \u003ca href=\"https://github.com/minimistjs/minimist/commit/ba92fe6ebbdc0431cca9a2ea8f27beb492f5e4ec\"\u003e\u003ccode\u003eba92fe6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003etape\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/950eaa74f112e04d23e9c606c67472c46739b473\"\u003e\u003ccode\u003e950eaa7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] add missing \u003ccode\u003enpmignore\u003c/code\u003e dev dep \u003ca href=\"https://github.com/minimistjs/minimist/commit/3226afaf09e9d127ca369742437fe6e88f752d6b\"\u003e\u003ccode\u003e3226afa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMerge tag 'v0.2.2' \u003ca href=\"https://github.com/minimistjs/minimist/commit/980d7ac61a0b4bd552711251ac107d506b23e41f\"\u003e\u003ccode\u003e980d7ac\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.6...v1.2.7\"\u003ev1.2.7\u003c/a\u003e - 2022-10-10\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/6901ee286bc4c16da6830b48b46ce1574703cea1\"\u003e\u003ccode\u003e6901ee2\u003c/code\u003e\u003c/a\u003e v1.2.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/a0267947c7870fc5847cf2d437fbe33f392767da\"\u003e\u003ccode\u003ea026794\u003c/code\u003e\u003c/a\u003e Merge tag 'v0.2.3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/c0b26618322e94adea26c68e613ef0be482c6c63\"\u003e\u003ccode\u003ec0b2661\u003c/code\u003e\u003c/a\u003e v0.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/63b8fee87b8e7a003216d5d77ba5d6decf3cfb0d\"\u003e\u003ccode\u003e63b8fee\u003c/code\u003e\u003c/a\u003e [Fix] Fix long option followed by single dash (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/17\"\u003e#17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/72239e6f0ea77d8be0ad4f682b7ae7d142144395\"\u003e\u003ccode\u003e72239e6\u003c/code\u003e\u003c/a\u003e [Tests] Remove duplicate test (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/34b0f1ccaa45183c3c4f06a91f9b405180a6f982\"\u003e\u003ccode\u003e34b0f1c\u003c/code\u003e\u003c/a\u003e [eslint] fix indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/3226afaf09e9d127ca369742437fe6e88f752d6b\"\u003e\u003ccode\u003e3226afa\u003c/code\u003e\u003c/a\u003e [Dev Deps] add missing \u003ccode\u003enpmignore\u003c/code\u003e dev dep\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/098873c213cdb7c92e55ae1ef5aa1af3a8192a79\"\u003e\u003ccode\u003e098873c\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eaud\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/9ec4d279ced72ea2f60237218e71cc03aa0dfdd6\"\u003e\u003ccode\u003e9ec4d27\u003c/code\u003e\u003c/a\u003e [Fix] Fix long option followed by single dash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/ba92fe6ebbdc0431cca9a2ea8f27beb492f5e4ec\"\u003e\u003ccode\u003eba92fe6\u003c/code\u003e\u003c/a\u003e [actions] Avoid 0.6 tests due to build failures\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.5...v1.2.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for minimist since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decode-uri-component` from 0.2.0 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/releases\"\u003edecode-uri-component's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent overwriting previously decoded tokens  980e0bf\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2\"\u003ehttps://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to GitHub workflows  76abc93\u003c/li\u003e\n\u003cli\u003eFix issue where decode throws - fixes \u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/6\"\u003e#6\u003c/a\u003e  746ca5d\u003c/li\u003e\n\u003cli\u003eUpdate license (\u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/1\"\u003e#1\u003c/a\u003e)  486d7e2\u003c/li\u003e\n\u003cli\u003eTidelift tasks  a650457\u003c/li\u003e\n\u003cli\u003eMeta tweaks  66e1c28\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1\"\u003ehttps://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/a0eea469d26eb0df668b081672cdb9581feb78eb\"\u003e\u003ccode\u003ea0eea46\u003c/code\u003e\u003c/a\u003e 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/980e0bf09b64d94f1aa79012f895816c30ffd152\"\u003e\u003ccode\u003e980e0bf\u003c/code\u003e\u003c/a\u003e Prevent overwriting previously decoded tokens\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/3c8a373dd4837e89b3f970e01295dd03e1405a33\"\u003e\u003ccode\u003e3c8a373\u003c/code\u003e\u003c/a\u003e 0.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/76abc939783fe3900fadb7d384a74d324d5557f3\"\u003e\u003ccode\u003e76abc93\u003c/code\u003e\u003c/a\u003e Switch to GitHub workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/746ca5dcb6667c5d364e782d53c542830e4c10b9\"\u003e\u003ccode\u003e746ca5d\u003c/code\u003e\u003c/a\u003e Fix issue where decode throws - fixes \u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/6\"\u003e#6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/486d7e26d3a8c0fbe860fb651fe1bc98c2f2be30\"\u003e\u003ccode\u003e486d7e2\u003c/code\u003e\u003c/a\u003e Update license (\u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/1\"\u003e#1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/a65045724e6234acef87f31da499d4807b20b134\"\u003e\u003ccode\u003ea650457\u003c/code\u003e\u003c/a\u003e Tidelift tasks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/66e1c2834c0e189201cb65196ec3101372459b02\"\u003e\u003ccode\u003e66e1c28\u003c/code\u003e\u003c/a\u003e Meta tweaks\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.0.33 to 0.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md\"\u003etmp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2 (2024-02-28)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/278\"\u003e#278\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/268\"\u003e#268\u003c/a\u003e: Revert \u0026quot;fix \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/246\"\u003e#246\u003c/a\u003e: remove any double quotes or single quotes… (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/279\"\u003e#279\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/266\"\u003e#266\u003c/a\u003e: move paragraph on graceful cleanup to the head of the documentation (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 5\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDave Nicolson (\u003ca href=\"https://github.com/dnicolson\"\u003e\u003ccode\u003e@​dnicolson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKARASZI István (\u003ca href=\"https://github.com/raszi\"\u003e\u003ccode\u003e@​raszi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaxime Bargiel (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/robertoaceves\"\u003e\u003ccode\u003e@​robertoaceves\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.2.1 (2020-04-28)\u003c/h2\u003e\n\u003ch4\u003e:rocket: Enhancement\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/252\"\u003e#252\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/250\"\u003e#250\u003c/a\u003e: introduce tmpdir option for overriding the system tmp dir (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/253\"\u003e#253\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/191\"\u003e#191\u003c/a\u003e: generate changelog from pull requests using lerna-changelog (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.2.0 (2020-04-25)\u003c/h2\u003e\n\u003ch4\u003e:rocket: Enhancement\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/234\"\u003e#234\u003c/a\u003e feat: stabilize tmp for v0.2.0 release (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/231\"\u003e#231\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/230\"\u003e#230\u003c/a\u003e: regression after fix for \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/197\"\u003e#197\u003c/a\u003e (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/220\"\u003e#220\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/197\"\u003e#197\u003c/a\u003e: return sync callback when using the sync interface, otherwise return the async callback (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/193\"\u003e#193\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/192\"\u003e#192\u003c/a\u003e: tmp must not exit the process on its own (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/221\"\u003e#221\u003c/a\u003e Gh 206 document name option (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/226\"\u003e#226\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/212\"\u003e#212\u003c/a\u003e: enable direct name option test (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/225\"\u003e#225\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/211\"\u003e#211\u003c/a\u003e: existing tests must clean up after themselves (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/224\"\u003e#224\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/217\"\u003e#217\u003c/a\u003e: name tests must use tmpName (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/223\"\u003e#223\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/214\"\u003e#214\u003c/a\u003e: refactor tests and lib (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/198\"\u003e#198\u003c/a\u003e Update dependencies to latest versions (\u003ca href=\"https://github.com/matsev\"\u003e\u003ccode\u003e@​matsev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/1cf4ec54180a77a2a95dc1941efa1659774c8787\"\u003e\u003ccode\u003e1cf4ec5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b\"\u003e\u003ccode\u003e188b25e\u003c/code\u003e\u003c/a\u003e Fix GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/73b9fe45bbb40157acdfab8126dd0911de91c8fa\"\u003e\u003ccode\u003e73b9fe4\u003c/code\u003e\u003c/a\u003e Add test case for GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b8e2f29a7575352e49e4882a836aab4bd2ec927f\"\u003e\u003ccode\u003eb8e2f29\u003c/code\u003e\u003c/a\u003e Remove broken tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/2892a027b4d2d3a25d1d08a398bc108a0200857f\"\u003e\u003ccode\u003e2892a02\u003c/code\u003e\u003c/a\u003e Remove outdated URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/f5923182461a89e9de5a7a09c75f410a76979ae7\"\u003e\u003ccode\u003ef592318\u003c/code\u003e\u003c/a\u003e Reformat package.json\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.0.33...v0.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.13.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/37caaad57dc37d350d9a4577a5da53f482bb2983\"\u003e\u003ccode\u003e37caaad\u003c/code\u003e\u003c/a\u003e 3.14.1 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/094c0f7a79e6ff9e2b4d50b22686d2586894b58f\"\u003e\u003ccode\u003e094c0f7\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9586ebe23298427d26b3479979bd6499bf3a14c2\"\u003e\u003ccode\u003e9586ebe\u003c/code\u003e\u003c/a\u003e Avoid calling hasOwnProperty of user-controlled objects\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/34e5072f43fd36b08aaaad433da73c10d47c41e5\"\u003e\u003ccode\u003e34e5072\u003c/code\u003e\u003c/a\u003e 3.14.0 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/7b25c83a6dc77097c2bf14bf714e168f60ee199b\"\u003e\u003ccode\u003e7b25c83\u003c/code\u003e\u003c/a\u003e Browser files rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/6f7347396867b8dcfc042722c2aae810dfe4caae\"\u003e\u003ccode\u003e6f73473\u003c/code\u003e\u003c/a\u003e Dev deps bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/0c293491d903cddcd41b41c165bc45eeb9a8d720\"\u003e\u003ccode\u003e0c29349\u003c/code\u003e\u003c/a\u003e Travis-CI: drop old nodejs versions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.13.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `json-schema` from 0.2.3 to 0.4.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa\"\u003e\u003ccode\u003ef6f6a3b\u003c/code\u003e\u003c/a\u003e Use a little more robust method of checking instances\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/ef60987a9a14b9d9c739384460044ba53cd9b9a2\"\u003e\u003ccode\u003eef60987\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a\"\u003e\u003ccode\u003eb62f1da\u003c/code\u003e\u003c/a\u003e Protect against constructor modification, \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/84\"\u003e#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/fb427cd4d175684786e4b2538718e72453e825e9\"\u003e\u003ccode\u003efb427cd\u003c/code\u003e\u003c/a\u003e Link to json-schema-org repository in addition to site, fixes \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/54\"\u003e#54\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741\"\u003e\u003ccode\u003e22f1461\u003c/code\u003e\u003c/a\u003e Don't allow \u003cstrong\u003eproto\u003c/strong\u003e property to be used for schema default/coerce, fixes \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/84\"\u003e#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/c52a27c653428149e4f9fb776d5e110d04639a9c\"\u003e\u003ccode\u003ec52a27c\u003c/code\u003e\u003c/a\u003e Get basic test to pass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/b3f42b3331608fe83b6cc267c5fc513ec1b839ed\"\u003e\u003ccode\u003eb3f42b3\u003c/code\u003e\u003c/a\u003e Add security policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/3b0cec3042a5aac5c967fd43475f5edc4c5b6eff\"\u003e\u003ccode\u003e3b0cec3\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/c28470f2d64bace29c73d140f9c6876e3c3a9fef\"\u003e\u003ccode\u003ec28470f\u003c/code\u003e\u003c/a\u003e Update readme to acknowledge the state of the package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/7dff9cd2c35c31ff3c43fa4e38737c94283dd3d3\"\u003e\u003ccode\u003e7dff9cd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/81\"\u003e#81\u003c/a\u003e from hodovani/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kriszyp/json-schema/compare/v0.2.3...v0.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimist` from 1.2.5 to 1.2.8\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md\"\u003eminimist's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.7...v1.2.8\"\u003ev1.2.8\u003c/a\u003e - 2023-02-09\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/17\"\u003e\u003ccode\u003e[#17](https://github.com/minimistjs/minimist/issues/17)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/12\"\u003e\u003ccode\u003e[#12](https://github.com/minimistjs/minimist/issues/12)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/10\"\u003e\u003ccode\u003e[#10](https://github.com/minimistjs/minimist/issues/10)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/17\"\u003e#17\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/15\"\u003e\u003ccode\u003e[#15](https://github.com/minimistjs/minimist/issues/15)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/12\"\u003e#12\u003c/a\u003e) \u003ca href=\"https://...\n\n_Description has been truncated_\n\u003c!-- devin-review-badge-begin --\u003e\n\n---\n\n\u003ca href=\"https://app.devin.ai/review/cyptopimpinainteazy/dextoolsweb3.js/pull/7\" target=\"_blank\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1\"\u003e\n    \u003cimg src=\"https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1\" alt=\"Open in Devin Review\"\u003e\n  \u003c/picture\u003e\n\u003c/a\u003e\n\u003c!-- devin-review-badge-end --\u003e\n\n\u003c!-- RECURSEML_SUMMARY:START --\u003e\n## High-level PR Summary\nThis PR updates 16 npm packages across 19 directories in a monorepo to address security vulnerabilities and improve dependency versions. Key updates include `underscore` (1.9.1 → 1.13.8), `uuid` (3.3.2 → 14.0.0), `axios` (0.21.1 → 0.31.1), `bn.js` (4.11.9 → 4.12.3), `minimist` (1.2.5 → 1.2.8), `decode-uri-component` (0.2.0 → 0.2.2), `tmp` (0.0.33/0.2.1 → 0.2.5), `js-yaml` (3.13.1/3.14.1 → 3.14.2), and `json-schema` (0.2.3 → 0.4.0). Several development dependencies including `karma`, `lerna`, and `mocha` are also upgraded in the root package. Some packages have `underscore` removed as a direct dependency where appropriate.\n\n⏱️ Estimated Review Time: 30-90 minutes\n\n\u003cdetails\u003e\n\u003csummary\u003e💡 Review Order Suggestion\u003c/summary\u003e\n\n| Order | File Path |\n|-------|-----------|\n| 1 | `package.json` |\n| 2 | `package-lock.json` |\n| 3 | `packages/web3-eth2-core/package.json` |\n| 4 | `packages/web3-eth-accounts/package.json` |\n| 5 | `packages/web3-bzz/package.json` |\n| 6 | `packages/web3-core-helpers/package.json` |\n| 7 | `packages/web3-core-method/package.json` |\n| 8 | `packages/web3-core-requestmanager/package.json` |\n| 9 | `packages/web3-core-requestmanager/package-lock.json` |\n| 10 | `packages/web3-core-subscriptions/package.json` |\n| 11 | `packages/web3-eth-abi/package.json` |\n| 12 | `packages/web3-eth-ens/package.json` |\n| 13 | `packages/web3-eth-iban/package.json` |\n| 14 | `packages/web3-eth-contract/package.json` |\n| 15 | `packages/web3-eth/package.json` |\n| 16 | `packages/web3-providers-ipc/package.json` |\n| 17 | `packages/web3-providers-ws/package.json` |\n| 18 | `packages/web3-providers-http/package.json` |\n| 19 | `packages/web3-utils/package.json` |\n| 20 | `packages/web3-net/package.json` |\n| 21 | `packages/web3-core/package.json` |\n| 22 | `packages/web3-bzz/package-lock.json` |\n| 23 | `packages/web3-core-helpers/package-lock.json` |\n| 24 | `packages/web3-core-subscriptions/package-lock.json` |\n| 25 | `packages/web3-core/package-lock.json` |\n| 26 | `packages/web3-eth-abi/package-lock.json` |\n| 27 | `packages/web3-eth-accounts/package-lock.json` |\n| 28 | `packages/web3-eth-contract/package-lock.json` |\n| 29 | `packages/web3-eth-ens/package-lock.json` |\n| 30 | `packages/web3-eth-iban/package-lock.json` |\n| 31 | `packages/web3-eth-personal/package-lock.json` |\n| 32 | `packages/web3-eth2-beaconchain/package-lock.json` |\n| 33 | `packages/web3-eth2-core/package-lock.json` |\n| 34 | `packages/web3-eth/package-lock.json` |\n| 35 | `packages/web3-net/package-lock.json` |\n| 36 | `packages/web3-providers-http/package-lock.json` |\n| 37 | `packages/web3-providers-ipc/package-lock.json` |\n| 38 | `packages/web3-providers-ws/package-lock.json` |\n| 39 | `packages/web3-shh/package-lock.json` |\n| 40 | `packages/web3-utils/package-lock.json` |\n| 41 | `packages/web3/package-lock.json` |\n\u003c/details\u003e\n\n\n\n[![Need help? Join our Discord](https://img.shields.io/badge/Need%20help%3F%20Join%20our%20Discord-5865F2?style=plastic\u0026logo=discord\u0026logoColor=white)](https://discord.gg/n3SsVDAW6U)\n\n\u003c!-- RECURSEML_SUMMARY:END --\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate third-party deps across the monorepo to pick up security fixes and modernize tooling. Key bumps include `underscore@1.13.8`, `axios@0.31.1`, `bn.js@4.12.3`, and `uuid@14.0.0`, plus some `web3-*` packages now target `1.10.x`.\n\n- **Dependencies**\n  - Security: `axios@0.31.1`, `js-yaml@3.14.2`, `json-schema@0.4.0`, `minimist@1.2.8`, `decode-uri-component@0.2.2`.\n  - Libs: `underscore@1.13.8`, `bn.js@4.12.3`, `min-document@2.19.2`, `simple-get@2.8.2`.\n  - Tooling: `karma@6.4.4`, `lerna@9.0.7`, `mocha@11.7.6`.\n  - Internal alignment: some modules now depend on `web3-core(-helpers|-method|-requestmanager)@1.10.3` and `web3-utils@1.10.4`.\n\n- **Migration**\n  - `uuid@14` requires Node 20+ and a global `crypto`. Use ESM import: `import { v4 as uuidv4 } from 'uuid'`. If you must stay on Node \u003c20 or CommonJS, pin to an earlier `uuid` or add a polyfill.\n  - Ensure CI/runtime uses Node 20+ where `uuid` is used.\n  - Verify consumers are compatible with the `web3-*` `1.10.x` dependencies to avoid version mismatches.\n\n\u003csup\u003eWritten for commit 4b49a421c6cc241b527b823229eaef5eb724db0b. Summary will update on new commits. \u003ca href=\"https://cubic.dev/pr/Cyptopimpinainteazy/DEXTOOLSweb3.js/pull/7?utm_source=github\"\u003eReview in cubic\u003c/a\u003e\u003c/sup\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/Cyptopimpinainteazy/DEXTOOLSweb3.js/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyptopimpinainteazy%2FDEXTOOLSweb3.js/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4510426467","node_id":"PR_kwDON6Mqlc7euYzN","number":6,"state":"closed","title":"Bump the npm_and_yarn group across 18 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-24T03:59:51.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-24T03:58:09.000Z","updated_at":"2026-05-24T04:01:52.000Z","time_to_close":102,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":16,"packages":[{"name":"bn.js","old_version":"4.11.9","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"underscore","old_version":"1.9.1","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"uuid","old_version":"3.3.2","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"axios","old_version":"0.21.1","new_version":"0.31.1","repository_url":"https://github.com/axios/axios"},{"name":"minimist","old_version":"1.2.5","new_version":"1.2.8","repository_url":"https://github.com/minimistjs/minimist"},{"name":"decode-uri-component","old_version":"0.2.0","new_version":"0.2.2","repository_url":"https://github.com/SamVerschueren/decode-uri-component"},{"name":"tmp","old_version":"0.0.33","new_version":"0.2.5","repository_url":"https://github.com/raszi/node-tmp"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"json-schema","old_version":"0.2.3","new_version":"0.4.0","repository_url":"https://github.com/kriszyp/json-schema"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [uuid](https://github.com/uuidjs/uuid) | `3.3.2` | `14.0.0` |\n| [axios](https://github.com/axios/axios) | `0.21.1` | `0.31.1` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.0.33` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n\nBumps the npm_and_yarn group with 5 updates in the /packages/web3 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/web3-bzz directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [simple-get](https://github.com/feross/simple-get) | `2.8.1` | `2.8.2` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-core-helpers directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.6` | `removed` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-core-subscriptions directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-eth directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-eth-abi directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-eth-ens directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-eth-iban directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 5 updates in the /packages/web3-eth-personal directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-eth2-beaconchain directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ansi-regex](https://github.com/chalk/ansi-regex) | `5.0.0` | `5.0.1` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.5` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [form-data](https://github.com/form-data/form-data) | `2.3.3` | `3.0.4` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 8 updates in the /packages/web3-eth2-core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.1` | `0.31.1` |\n| [ansi-regex](https://github.com/chalk/ansi-regex) | `5.0.0` | `5.0.1` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.5` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [form-data](https://github.com/form-data/form-data) | `2.3.3` | `3.0.4` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-net directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-providers-http directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-providers-ws directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 5 updates in the /packages/web3-shh directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/web3-utils directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [simple-get](https://github.com/feross/simple-get) | `2.8.1` | `2.8.2` |\n\n\nUpdates `bn.js` from 4.11.9 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/39fe4389c773327ed15f29f77f8b7dbbff4beb4c\"\u003e\u003ccode\u003e39fe438\u003c/code\u003e\u003c/a\u003e 4.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6\"\u003e\u003ccode\u003e67ecb35\u003c/code\u003e\u003c/a\u003e backport(4.x): fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c4098bac2470418f8e0f6bf11fe0cb676a2b9047\"\u003e\u003ccode\u003ec4098ba\u003c/code\u003e\u003c/a\u003e 4.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6277fd705e51edae1c404c65f03ba2e512706945\"\u003e\u003ccode\u003e6277fd7\u003c/code\u003e\u003c/a\u003e backport(4.x): Fix imuln/muln with zero (backport of \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ac0d4afaae91701815b9edc19789e44e7690d688\"\u003e\u003ccode\u003eac0d4af\u003c/code\u003e\u003c/a\u003e 4.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/a5f14b43ec61bc7cafc6de2e7444913b9f581b00\"\u003e\u003ccode\u003ea5f14b4\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/0cd2661b9d08512263c940662586042ef8aaccc6\"\u003e\u003ccode\u003e0cd2661\u003c/code\u003e\u003c/a\u003e Remove package-lock.json added by npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/84ae31344a557abb78ddabe3bac923b7503e4fb5\"\u003e\u003ccode\u003e84ae313\u003c/code\u003e\u003c/a\u003e 4.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/967ed0a50a9400bbbd83b450550cf37f7fa178b9\"\u003e\u003ccode\u003e967ed0a\u003c/code\u003e\u003c/a\u003e fix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/61962320d7907a1a4d03a665782cb2733160c907\"\u003e\u003ccode\u003e6196232\u003c/code\u003e\u003c/a\u003e Fix LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.11.9...v4.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.9.1 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.9.1...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jgonggrijp\"\u003ejgonggrijp\u003c/a\u003e, a new releaser for underscore since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 3.3.2 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v3.3.2...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 0.21.1 to 0.31.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.31.1\u003c/h2\u003e\n\u003cp\u003eThis release backports a broad set of security hardenings from the v1 line — covering prototype-pollution defences, stream size enforcement, XSRF handling, URL null-byte encoding, and bounded FormData recursion — and drops committed \u003ccode\u003edist/\u003c/code\u003e artefacts along with Bower support.\u003c/p\u003e\n\u003ch2\u003e⚠️ Breaking Changes \u0026amp; Deprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBower \u0026amp; Committed \u003ccode\u003edist/\u003c/code\u003e Removed:\u003c/strong\u003e \u003ccode\u003edist/\u003c/code\u003e bundles are no longer committed to the repo, and \u003ccode\u003ebower.json\u003c/code\u003e plus the Grunt \u003ccode\u003epackage2bower\u003c/code\u003e task have been removed. CI still builds bundles before publish, so npm/yarn/pnpm consumers are unaffected; installs via Bower or directly from the git tree must migrate to npm or a CDN. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10747\"\u003e#10747\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Header Merge (GHSA-6chq-wfr3-2hj9):\u003c/strong\u003e Tightened \u003ccode\u003eisFormData\u003c/code\u003e to reject plain/null-prototype objects and require \u003ccode\u003eappend\u003c/code\u003e, and guarded the Node HTTP adapter so \u003ccode\u003edata.getHeaders()\u003c/code\u003e is only merged when it is not inherited from \u003ccode\u003eObject.prototype\u003c/code\u003e. Blocks injected headers via polluted \u003ccode\u003egetHeaders\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10750\"\u003e#10750\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Config Merging (GHSA-pf86-5x62-jrwf):\u003c/strong\u003e \u003ccode\u003emergeConfig\u003c/code\u003e, defaults resolution, and the HTTP adapter now uses own-property checks for \u003ccode\u003etransport\u003c/code\u003e, \u003ccode\u003eenv\u003c/code\u003e, \u003ccode\u003eBlob\u003c/code\u003e, \u003ccode\u003eformSerializer\u003c/code\u003e, and transforms arrays, and merged configs are returned as null-prototype objects. Prevents hijacking of the request flow through polluted prototypes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10752\"\u003e#10752\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFormData / Params Recursion DoS:\u003c/strong\u003e Added a configurable \u003ccode\u003emaxDepth\u003c/code\u003e (default \u003ccode\u003e100\u003c/code\u003e, \u003ccode\u003eInfinity\u003c/code\u003e disables) to \u003ccode\u003etoFormData\u003c/code\u003e and params serialisation, throwing \u003ccode\u003eAxiosError\u003c/code\u003e with code \u003ccode\u003eERR_FORM_DATA_DEPTH_EXCEEDED\u003c/code\u003e when exceeded. Circular-reference detection is preserved. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10728\"\u003e#10728\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNull-Byte Injection in Query Strings:\u003c/strong\u003e Removed the unsafe \u003ccode\u003e%00\u003c/code\u003e → null-byte substitution from \u003ccode\u003eAxiosURLSearchParams.encode\u003c/code\u003e so \u003ccode\u003e%00\u003c/code\u003e is preserved as-is. Other encoding behaviour (including \u003ccode\u003e%20\u003c/code\u003e → \u003ccode\u003e+\u003c/code\u003e) unchanged. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10737\"\u003e#10737\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConsolidated v1 Security Backport:\u003c/strong\u003e Rolls up remaining v1 hardenings into \u003ccode\u003ev0.x\u003c/code\u003e: \u003ccode\u003emaxContentLength\u003c/code\u003e enforcement for \u003ccode\u003eresponseType: 'stream'\u003c/code\u003e via a guarded transform with deferred piping, \u003ccode\u003emaxBodyLength\u003c/code\u003e enforcement for streamed uploads on native \u003ccode\u003ehttp\u003c/code\u003e/\u003ccode\u003ehttps\u003c/code\u003e with \u003ccode\u003emaxRedirects: 0\u003c/code\u003e, and stricter \u003ccode\u003ewithXSRFToken\u003c/code\u003e handling so only own boolean \u003ccode\u003etrue\u003c/code\u003e enables cross-origin XSRF headers. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10764\"\u003e#10764\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCODEOWNERS:\u003c/strong\u003e Added \u003ccode\u003e.github/CODEOWNERS\u003c/code\u003e with \u003ccode\u003e* @jasonsaayman\u003c/code\u003e to set a default reviewer for all paths. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10740\"\u003e#10740\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.31.0...v0.31.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.31.0\u003c/h2\u003e\n\u003cp\u003eThis release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and \u003ccode\u003ezizmor\u003c/code\u003e scanning, resolves TypeScript typing issues in \u003ccode\u003eAxiosInstance\u003c/code\u003e, and fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection \u0026amp; Proxy Bypass:\u003c/strong\u003e Backports v1 security hardening — sanitizes outgoing header values to strip invalid bytes, CRLF sequences, and boundary whitespace (including array values); adds proper \u003ccode\u003eNO_PROXY\u003c/code\u003e/\u003ccode\u003eno_proxy\u003c/code\u003e enforcement covering wildcards, explicit ports, loopback aliases (\u003ccode\u003elocalhost\u003c/code\u003e, \u003ccode\u003e127.0.0.1\u003c/code\u003e, \u003ccode\u003e::1\u003c/code\u003e), bracketed IPv6, and trailing-dot hostnames. Proxy bypass is now checked before the proxy URL is parsed, and \u003ccode\u003eparsed.host\u003c/code\u003e is used for correct port and IPv6 handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10688\"\u003e#10688\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCI Security:\u003c/strong\u003e SHA-pins all actions and disables credential persistence in v0.x CI, introduces \u003ccode\u003ezizmor\u003c/code\u003e security scanning with SARIF upload to code scanning, adds an OIDC Trusted Publishing workflow with npm provenance attestations, and gates all publishes behind a required \u003ccode\u003enpm-publish\u003c/code\u003e GitHub Environment with configurable reviewer protections. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10638\"\u003e#10638\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10639\"\u003e#10639\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10667\"\u003e#10667\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eTypeScript — \u003ccode\u003eAxiosInstance\u003c/code\u003e Return Types:\u003c/strong\u003e Fixes return types in \u003ccode\u003eAxiosInstance\u003c/code\u003e methods to correctly resolve to \u003ccode\u003ePromise\u0026lt;R\u0026gt;\u003c/code\u003e (matching \u003ccode\u003eAxiosPromise\u0026lt;T\u0026gt;\u003c/code\u003e semantics), and corrects the generic call signature so TypeScript properly enforces the response data type. TypeScript-only changes; no runtime impact. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6253\"\u003e#6253\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7328\"\u003e#7328\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance:\u003c/strong\u003e Fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e that caused excessive computation when the argument was a large string. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6484\"\u003e#6484\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eVersioning \u0026amp; CI Workflow:\u003c/strong\u003e Adds an automated versioning flow for v0.x, renames the CI workflow for consistency with the v1.x naming convention, and corrects the branch name reference in CI config. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10690\"\u003e#10690\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10691\"\u003e#10691\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10692\"\u003e#10692\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/nakataki17\"\u003e\u003ccode\u003e@​nakataki17\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6253\"\u003e#6253\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/gmasclet\"\u003e\u003ccode\u003e@​gmasclet\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6484\"\u003e#6484\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10638\"\u003e#10638\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10639\"\u003e#10639\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10667\"\u003e#10667\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ivan-churakov\"\u003e\u003ccode\u003e@​ivan-churakov\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7328\"\u003e#7328\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.30.3...v0.31.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/a589dc525af12e0fabef7d6e5be028ad433eee31\"\u003e\u003ccode\u003ea589dc5\u003c/code\u003e\u003c/a\u003e chore: bump version to v0.31.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10766\"\u003e#10766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b0c632f36a5ea2e73c9bdf3a54164a8ede925736\"\u003e\u003ccode\u003eb0c632f\u003c/code\u003e\u003c/a\u003e fix: backport security issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10764\"\u003e#10764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b52187f4571b6b8663fed5904e3082ab30660364\"\u003e\u003ccode\u003eb52187f\u003c/code\u003e\u003c/a\u003e fix: harden config merging (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10752\"\u003e#10752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e3ddeb40f6a142a234925341151e2ca631a6de64\"\u003e\u003ccode\u003ee3ddeb4\u003c/code\u003e\u003c/a\u003e fix: header security issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10750\"\u003e#10750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f4f2d76e25cc0f777e5416e2d76282ab873ef9dc\"\u003e\u003ccode\u003ef4f2d76\u003c/code\u003e\u003c/a\u003e chore: stop committing dist/ and remove bower (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10747\"\u003e#10747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1f2f64433e5be205d74471c78c2721909282b9c0\"\u003e\u003ccode\u003e1f2f644\u003c/code\u003e\u003c/a\u003e chore: add CODEOWNERS (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10740\"\u003e#10740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44bca902e1bdd7dd6490c7b4985b63e729b0e634\"\u003e\u003ccode\u003e44bca90\u003c/code\u003e\u003c/a\u003e fix: improve regex in AxiosURLSearchParams (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10737\"\u003e#10737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4c4f07fabdb005f5430bab797f12b55e2ed5fb33\"\u003e\u003ccode\u003e4c4f07f\u003c/code\u003e\u003c/a\u003e fix: form data recursion (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10728\"\u003e#10728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5073eca0edd37b13a0e39dcb48794d779b7dff8d\"\u003e\u003ccode\u003e5073eca\u003c/code\u003e\u003c/a\u003e chore: release v0.31.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10697\"\u003e#10697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b57eb1a93214c9d6840035add0cc705fa9d6d697\"\u003e\u003ccode\u003eb57eb1a\u003c/code\u003e\u003c/a\u003e ci: update branch name (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10692\"\u003e#10692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v0.21.1...v0.31.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimist` from 1.2.5 to 1.2.8\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md\"\u003eminimist's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.7...v1.2.8\"\u003ev1.2.8\u003c/a\u003e - 2023-02-09\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/17\"\u003e\u003ccode\u003e[#17](https://github.com/minimistjs/minimist/issues/17)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/12\"\u003e\u003ccode\u003e[#12](https://github.com/minimistjs/minimist/issues/12)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/10\"\u003e\u003ccode\u003e[#10](https://github.com/minimistjs/minimist/issues/10)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/17\"\u003e#17\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/15\"\u003e\u003ccode\u003e[#15](https://github.com/minimistjs/minimist/issues/15)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/12\"\u003e#12\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/8\"\u003e\u003ccode\u003e[#8](https://github.com/minimistjs/minimist/issues/8)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/15\"\u003e\u003ccode\u003e[#15](https://github.com/minimistjs/minimist/issues/15)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/10\"\u003e#10\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/9\"\u003e\u003ccode\u003e[#9](https://github.com/minimistjs/minimist/issues/9)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Fix handling of short option with non-trivial equals \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/5\"\u003e\u003ccode\u003e[#5](https://github.com/minimistjs/minimist/issues/5)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/8\"\u003e\u003ccode\u003e[#8](https://github.com/minimistjs/minimist/issues/8)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/9\"\u003e\u003ccode\u003e[#9](https://github.com/minimistjs/minimist/issues/9)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMerge tag 'v0.2.3' \u003ca href=\"https://github.com/minimistjs/minimist/commit/a0267947c7870fc5847cf2d437fbe33f392767da\"\u003e\u003ccode\u003ea026794\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] fix indentation and whitespace \u003ca href=\"https://github.com/minimistjs/minimist/commit/5368ca4147e974138a54cc0dc4cea8f756546b70\"\u003e\u003ccode\u003e5368ca4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] fix indentation and whitespace \u003ca href=\"https://github.com/minimistjs/minimist/commit/e5f5067259ceeaf0b098d14bec910f87e58708c7\"\u003e\u003ccode\u003ee5f5067\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] more cleanup \u003ca href=\"https://github.com/minimistjs/minimist/commit/62fde7d935f83417fb046741531a9e2346a36976\"\u003e\u003ccode\u003e62fde7d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] more cleanup \u003ca href=\"https://github.com/minimistjs/minimist/commit/36ac5d0d95e4947d074e5737d94814034ca335d1\"\u003e\u003ccode\u003e36ac5d0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/73923d223553fca08b1ba77e3fbc2a492862ae4c\"\u003e\u003ccode\u003e73923d2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[actions] add reusable workflows \u003ca href=\"https://github.com/minimistjs/minimist/commit/d80727df77bfa9e631044d7f16368d8f09242c91\"\u003e\u003ccode\u003ed80727d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] add eslint; rules to enable later are warnings \u003ca href=\"https://github.com/minimistjs/minimist/commit/48bc06a1b41f00e9cdf183db34f7a51ba70e98d4\"\u003e\u003ccode\u003e48bc06a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] fix indentation \u003ca href=\"https://github.com/minimistjs/minimist/commit/34b0f1ccaa45183c3c4f06a91f9b405180a6f982\"\u003e\u003ccode\u003e34b0f1c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] rename and add badges \u003ca href=\"https://github.com/minimistjs/minimist/commit/5df0fe49211bd09a3636f8686a7cb3012c3e98f0\"\u003e\u003ccode\u003e5df0fe4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] switch from \u003ccode\u003ecovert\u003c/code\u003e to \u003ccode\u003enyc\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/a48b128fdb8d427dfb20a15273f83e38d97bef07\"\u003e\u003ccode\u003ea48b128\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ecovert\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e; remove unnecessary \u003ccode\u003etap\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/f0fb958e9a1fe980cdffc436a211b0bda58f621b\"\u003e\u003ccode\u003ef0fb958\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] create FUNDING.yml; add \u003ccode\u003efunding\u003c/code\u003e in package.json \u003ca href=\"https://github.com/minimistjs/minimist/commit/3639e0c819359a366387e425ab6eabf4c78d3caa\"\u003e\u003ccode\u003e3639e0c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] use \u003ccode\u003enpmignore\u003c/code\u003e to autogenerate an npmignore file \u003ca href=\"https://github.com/minimistjs/minimist/commit/be2e038c342d8333b32f0fde67a0026b79c8150e\"\u003e\u003ccode\u003ebe2e038\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/minimistjs/minimist/commit/282b570e7489d01b03f2d6d3dabf79cd3e5f84cf\"\u003e\u003ccode\u003e282b570\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eisConstructorOrProto adapted from PR \u003ca href=\"https://github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11\"\u003e\u003ccode\u003eef9153f\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eaud\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/098873c213cdb7c92e55ae1ef5aa1af3a8192a79\"\u003e\u003ccode\u003e098873c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eaud\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/3124ed3e46306301ebb3c834874ce0241555c2c4\"\u003e\u003ccode\u003e3124ed3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/4b927de696d561c636b4f43bf49d4597cb36d6d6\"\u003e\u003ccode\u003e4b927de\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add \u003ccode\u003eaud\u003c/code\u003e in \u003ccode\u003eposttest\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/b32d9bd0ab340f4e9f8c3a97ff2a4424f25fab8c\"\u003e\u003ccode\u003eb32d9bd\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] update repo URLs \u003ca href=\"https://github.com/minimistjs/minimist/commit/f9fdfc032c54884d9a9996a390c63cd0719bbe1a\"\u003e\u003ccode\u003ef9fdfc0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[actions] Avoid 0.6 tests due to build failures \u003ca href=\"https://github.com/minimistjs/minimist/commit/ba92fe6ebbdc0431cca9a2ea8f27beb492f5e4ec\"\u003e\u003ccode\u003eba92fe6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003etape\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/950eaa74f112e04d23e9c606c67472c46739b473\"\u003e\u003ccode\u003e950eaa7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] add missing \u003ccode\u003enpmignore\u003c/code\u003e dev dep \u003ca href=\"https://github.com/minimistjs/minimist/commit/3226afaf09e9d127ca369742437fe6e88f752d6b\"\u003e\u003ccode\u003e3226afa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMerge tag 'v0.2.2' \u003ca href=\"https://github.com/minimistjs/minimist/commit/980d7ac61a0b4bd552711251ac107d506b23e41f\"\u003e\u003ccode\u003e980d7ac\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.6...v1.2.7\"\u003ev1.2.7\u003c/a\u003e - 2022-10-10\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/6901ee286bc4c16da6830b48b46ce1574703cea1\"\u003e\u003ccode\u003e6901ee2\u003c/code\u003e\u003c/a\u003e v1.2.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/a0267947c7870fc5847cf2d437fbe33f392767da\"\u003e\u003ccode\u003ea026794\u003c/code\u003e\u003c/a\u003e Merge tag 'v0.2.3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/c0b26618322e94adea26c68e613ef0be482c6c63\"\u003e\u003ccode\u003ec0b2661\u003c/code\u003e\u003c/a\u003e v0.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/63b8fee87b8e7a003216d5d77ba5d6decf3cfb0d\"\u003e\u003ccode\u003e63b8fee\u003c/code\u003e\u003c/a\u003e [Fix] Fix long option followed by single dash (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/17\"\u003e#17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/72239e6f0ea77d8be0ad4f682b7ae7d142144395\"\u003e\u003ccode\u003e72239e6\u003c/code\u003e\u003c/a\u003e [Tests] Remove duplicate test (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/34b0f1ccaa45183c3c4f06a91f9b405180a6f982\"\u003e\u003ccode\u003e34b0f1c\u003c/code\u003e\u003c/a\u003e [eslint] fix indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/3226afaf09e9d127ca369742437fe6e88f752d6b\"\u003e\u003ccode\u003e3226afa\u003c/code\u003e\u003c/a\u003e [Dev Deps] add missing \u003ccode\u003enpmignore\u003c/code\u003e dev dep\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/098873c213cdb7c92e55ae1ef5aa1af3a8192a79\"\u003e\u003ccode\u003e098873c\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eaud\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/9ec4d279ced72ea2f60237218e71cc03aa0dfdd6\"\u003e\u003ccode\u003e9ec4d27\u003c/code\u003e\u003c/a\u003e [Fix] Fix long option followed by single dash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/ba92fe6ebbdc0431cca9a2ea8f27beb492f5e4ec\"\u003e\u003ccode\u003eba92fe6\u003c/code\u003e\u003c/a\u003e [actions] Avoid 0.6 tests due to build failures\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.5...v1.2.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for minimist since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decode-uri-component` from 0.2.0 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/releases\"\u003edecode-uri-component's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent overwriting previously decoded tokens  980e0bf\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2\"\u003ehttps://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to GitHub workflows  76abc93\u003c/li\u003e\n\u003cli\u003eFix issue where decode throws - fixes \u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/6\"\u003e#6\u003c/a\u003e  746ca5d\u003c/li\u003e\n\u003cli\u003eUpdate license (\u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/1\"\u003e#1\u003c/a\u003e)  486d7e2\u003c/li\u003e\n\u003cli\u003eTidelift tasks  a650457\u003c/li\u003e\n\u003cli\u003eMeta tweaks  66e1c28\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1\"\u003ehttps://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/a0eea469d26eb0df668b081672cdb9581feb78eb\"\u003e\u003ccode\u003ea0eea46\u003c/code\u003e\u003c/a\u003e 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/980e0bf09b64d94f1aa79012f895816c30ffd152\"\u003e\u003ccode\u003e980e0bf\u003c/code\u003e\u003c/a\u003e Prevent overwriting previously decoded tokens\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/3c8a373dd4837e89b3f970e01295dd03e1405a33\"\u003e\u003ccode\u003e3c8a373\u003c/code\u003e\u003c/a\u003e 0.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/76abc939783fe3900fadb7d384a74d324d5557f3\"\u003e\u003ccode\u003e76abc93\u003c/code\u003e\u003c/a\u003e Switch to GitHub workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/746ca5dcb6667c5d364e782d53c542830e4c10b9\"\u003e\u003ccode\u003e746ca5d\u003c/code\u003e\u003c/a\u003e Fix issue where decode throws - fixes \u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/6\"\u003e#6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/486d7e26d3a8c0fbe860fb651fe1bc98c2f2be30\"\u003e\u003ccode\u003e486d7e2\u003c/code\u003e\u003c/a\u003e Update license (\u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/1\"\u003e#1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/a65045724e6234acef87f31da499d4807b20b134\"\u003e\u003ccode\u003ea650457\u003c/code\u003e\u003c/a\u003e Tidelift tasks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/66e1c2834c0e189201cb65196ec3101372459b02\"\u003e\u003ccode\u003e66e1c28\u003c/code\u003e\u003c/a\u003e Meta tweaks\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.0.33 to 0.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md\"\u003etmp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2 (2024-02-28)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/278\"\u003e#278\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/268\"\u003e#268\u003c/a\u003e: Revert \u0026quot;fix \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/246\"\u003e#246\u003c/a\u003e: remove any double quotes or single quotes… (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/279\"\u003e#279\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/266\"\u003e#266\u003c/a\u003e: move paragraph on graceful cleanup to the head of the documentation (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 5\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDave Nicolson (\u003ca href=\"https://github.com/dnicolson\"\u003e\u003ccode\u003e@​dnicolson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKARASZI István (\u003ca href=\"https://github.com/raszi\"\u003e\u003ccode\u003e@​raszi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaxime Bargiel (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/robertoaceves\"\u003e\u003ccode\u003e@​robertoaceves\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.2.1 (2020-04-28)\u003c/h2\u003e\n\u003ch4\u003e:rocket: Enhancement\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/252\"\u003e#252\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/250\"\u003e#250\u003c/a\u003e: introduce tmpdir option for overriding the system tmp dir (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/253\"\u003e#253\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/191\"\u003e#191\u003c/a\u003e: generate changelog from pull requests using lerna-changelog (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.2.0 (2020-04-25)\u003c/h2\u003e\n\u003ch4\u003e:rocket: Enhancement\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/234\"\u003e#234\u003c/a\u003e feat: stabilize tmp for v0.2.0 release (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/231\"\u003e#231\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/230\"\u003e#230\u003c/a\u003e: regression after fix for \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/197\"\u003e#197\u003c/a\u003e (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/220\"\u003e#220\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/197\"\u003e#197\u003c/a\u003e: return sync callback when using the sync interface, otherwise return the async callback (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/193\"\u003e#193\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/192\"\u003e#192\u003c/a\u003e: tmp must not exit the process on its own (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/221\"\u003e#221\u003c/a\u003e Gh 206 document name option (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/226\"\u003e#226\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/212\"\u003e#212\u003c/a\u003e: enable direct name option test (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/225\"\u003e#225\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/211\"\u003e#211\u003c/a\u003e: existing tests must clean up after themselves (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/224\"\u003e#224\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/217\"\u003e#217\u003c/a\u003e: name tests must use tmpName (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/223\"\u003e#223\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/214\"\u003e#214\u003c/a\u003e: refactor tests and lib (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/198\"\u003e#198\u003c/a\u003e Update dependencies to latest versions (\u003ca href=\"https://github.com/matsev\"\u003e\u003ccode\u003e@​matsev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/1cf4ec54180a77a2a95dc1941efa1659774c8787\"\u003e\u003ccode\u003e1cf4ec5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b\"\u003e\u003ccode\u003e188b25e\u003c/code\u003e\u003c/a\u003e Fix GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/73b9fe45bbb40157acdfab8126dd0911de91c8fa\"\u003e\u003ccode\u003e73b9fe4\u003c/code\u003e\u003c/a\u003e Add test case for GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b8e2f29a7575352e49e4882a836aab4bd2ec927f\"\u003e\u003ccode\u003eb8e2f29\u003c/code\u003e\u003c/a\u003e Remove broken tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/2892a027b4d2d3a25d1d08a398bc108a0200857f\"\u003e\u003ccode\u003e2892a02\u003c/code\u003e\u003c/a\u003e Remove outdated URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/f5923182461a89e9de5a7a09c75f410a76979ae7\"\u003e\u003ccode\u003ef592318\u003c/code\u003e\u003c/a\u003e Reformat package.json\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.0.33...v0.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.13.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/37caaad57dc37d350d9a4577a5da53f482bb2983\"\u003e\u003ccode\u003e37caaad\u003c/code\u003e\u003c/a\u003e 3.14.1 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/094c0f7a79e6ff9e2b4d50b22686d2586894b58f\"\u003e\u003ccode\u003e094c0f7\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9586ebe23298427d26b3479979bd6499bf3a14c2\"\u003e\u003ccode\u003e9586ebe\u003c/code\u003e\u003c/a\u003e Avoid calling hasOwnProperty of user-controlled objects\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/34e5072f43fd36b08aaaad433da73c10d47c41e5\"\u003e\u003ccode\u003e34e5072\u003c/code\u003e\u003c/a\u003e 3.14.0 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/7b25c83a6dc77097c2bf14bf714e168f60ee199b\"\u003e\u003ccode\u003e7b25c83\u003c/code\u003e\u003c/a\u003e Browser files rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/6f7347396867b8dcfc042722c2aae810dfe4caae\"\u003e\u003ccode\u003e6f73473\u003c/code\u003e\u003c/a\u003e Dev deps bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/0c293491d903cddcd41b41c165bc45eeb9a8d720\"\u003e\u003ccode\u003e0c29349\u003c/code\u003e\u003c/a\u003e Travis-CI: drop old nodejs versions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.13.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `json-schema` from 0.2.3 to 0.4.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa\"\u003e\u003ccode\u003ef6f6a3b\u003c/code\u003e\u003c/a\u003e Use a little more robust method of checking instances\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/ef60987a9a14b9d9c739384460044ba53cd9b9a2\"\u003e\u003ccode\u003eef60987\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a\"\u003e\u003ccode\u003eb62f1da\u003c/code\u003e\u003c/a\u003e Protect against constructor modification, \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/84\"\u003e#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/fb427cd4d175684786e4b2538718e72453e825e9\"\u003e\u003ccode\u003efb427cd\u003c/code\u003e\u003c/a\u003e Link to json-schema-org repository in addition to site, fixes \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/54\"\u003e#54\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741\"\u003e\u003ccode\u003e22f1461\u003c/code\u003e\u003c/a\u003e Don't allow \u003cstrong\u003eproto\u003c/strong\u003e property to be used for schema default/coerce, fixes \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/84\"\u003e#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/c52a27c653428149e4f9fb776d5e110d04639a9c\"\u003e\u003ccode\u003ec52a27c\u003c/code\u003e\u003c/a\u003e Get basic test to pass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/b3f42b3331608fe83b6cc267c5fc513ec1b839ed\"\u003e\u003ccode\u003eb3f42b3\u003c/code\u003e\u003c/a\u003e Add security policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/3b0cec3042a5aac5c967fd43475f5edc4c5b6eff\"\u003e\u003ccode\u003e3b0cec3\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/c28470f2d64bace29c73d140f9c6876e3c3a9fef\"\u003e\u003ccode\u003ec28470f\u003c/code\u003e\u003c/a\u003e Update readme to acknowledge the state of the package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/7dff9cd2c35c31ff3c43fa4e38737c94283dd3d3\"\u003e\u003ccode\u003e7dff9cd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/81\"\u003e#81\u003c/a\u003e from hodovani/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kriszyp/json-schema/compare/v0.2.3...v0.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimist` from 1.2.5 to 1.2.8\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md\"\u003eminimist's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.7...v1.2.8\"\u003ev1.2.8\u003c/a\u003e - 2023-02-09\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/17\"\u003e\u003ccode\u003e[#17](https://github.com/minimistjs/minimist/issues/17)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/12\"\u003e\u003ccode\u003e[#12](https://github.com/minimistjs/minimist/issues/12)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/10\"\u003e\u003ccode\u003e[#10](https://github.com/minimistjs/minimist/issues/10)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/17\"\u003e#17\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/15\"\u003e\u003ccode\u003e[#15](https://github.com/minimistjs/minimist/issues/15)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/12\"\u003e#12\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/8\"\u003e\u003ccode\u003e[#8](https://github.com/minimistjs/minimist/issues/8)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/15\"\u003e\u003ccode\u003e[#15](https://github.com/minimistjs/minimist/issues/15)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/10\"\u003e#10\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/9\"\u003e\u003ccode\u003e[#9](https://github.com/minimistjs/minimist/issues/9)\u003c/c...\n\n_Description has been truncated_\n\u003c!-- devin-review-badge-begin --\u003e\n\n---\n\n\u003ca href=\"https://app.devin.ai/review/cyptopimpinainteazy/dextoolsweb3.js/pull/6\" target=\"_blank\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1\"\u003e\n    \u003cimg src=\"https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1\" alt=\"Open in Devin Review\"\u003e\n  \u003c/picture\u003e\n\u003c/a\u003e\n\u003c!-- devin-review-badge-end --\u003e\n\n\u003c!-- RECURSEML_SUMMARY:START --\u003e\n## High-level PR Summary\nThis PR updates multiple npm dependencies across 18 directories in a monorepo structure to address security vulnerabilities and compatibility issues. The updates include critical security patches for packages like `axios` (0.21.1 → 0.31.1), `uuid` (3.3.2 → 14.0.0), `underscore` (1.9.1 → 1.13.8), `minimist` (1.2.5 → 1.2.8), and several other dependencies with known vulnerabilities. Additionally, it bumps development dependencies like `karma`, `lerna`, and `mocha` to more recent versions. The changes are primarily version bumps in `package.json` files and their corresponding lock files, with no code modifications.\n\n⏱️ Estimated Review Time: 30-90 minutes\n\n\u003cdetails\u003e\n\u003csummary\u003e💡 Review Order Suggestion\u003c/summary\u003e\n\n| Order | File Path |\n|-------|-----------|\n| 1 | `package.json` |\n| 2 | `package-lock.json` |\n| 3 | `packages/web3/package-lock.json` |\n| 4 | `packages/web3-bzz/package.json` |\n| 5 | `packages/web3-bzz/package-lock.json` |\n| 6 | `packages/web3-core-helpers/package.json` |\n| 7 | `packages/web3-core-helpers/package-lock.json` |\n| 8 | `packages/web3-core-method/package.json` |\n| 9 | `packages/web3-core-method/package-lock.json` |\n| 10 | `packages/web3-core-requestmanager/package-lock.json` |\n| 11 | `packages/web3-core-requestmanager/package.json` |\n| 12 | `packages/web3-core-subscriptions/package.json` |\n| 13 | `packages/web3-core-subscriptions/package-lock.json` |\n| 14 | `packages/web3-core/package.json` |\n| 15 | `packages/web3-core/package-lock.json` |\n| 16 | `packages/web3-eth-abi/package.json` |\n| 17 | `packages/web3-eth-abi/package-lock.json` |\n| 18 | `packages/web3-eth-accounts/package.json` |\n| 19 | `packages/web3-eth-accounts/package-lock.json` |\n| 20 | `packages/web3-eth-contract/package.json` |\n| 21 | `packages/web3-eth-contract/package-lock.json` |\n| 22 | `packages/web3-eth-ens/package.json` |\n| 23 | `packages/web3-eth-ens/package-lock.json` |\n| 24 | `packages/web3-eth-iban/package.json` |\n| 25 | `packages/web3-eth-iban/package-lock.json` |\n| 26 | `packages/web3-eth-personal/package-lock.json` |\n| 27 | `packages/web3-eth/package.json` |\n| 28 | `packages/web3-eth/package-lock.json` |\n| 29 | `packages/web3-eth2-beaconchain/package-lock.json` |\n| 30 | `packages/web3-eth2-core/package.json` |\n| 31 | `packages/web3-eth2-core/package-lock.json` |\n| 32 | `packages/web3-net/package.json` |\n| 33 | `packages/web3-net/package-lock.json` |\n| 34 | `packages/web3-providers-http/package.json` |\n| 35 | `packages/web3-providers-http/package-lock.json` |\n| 36 | `packages/web3-providers-ipc/package.json` |\n| 37 | `packages/web3-providers-ipc/package-lock.json` |\n| 38 | `packages/web3-providers-ws/package.json` |\n| 39 | `packages/web3-providers-ws/package-lock.json` |\n| 40 | `packages/web3-shh/package-lock.json` |\n| 41 | `packages/web3-utils/package.json` |\n| 42 | `packages/web3-utils/package-lock.json` |\n\u003c/details\u003e\n\n\n\n[![Need help? Join our Discord](https://img.shields.io/badge/Need%20help%3F%20Join%20our%20Discord-5865F2?style=plastic\u0026logo=discord\u0026logoColor=white)](https://discord.gg/n3SsVDAW6U)\n\n\u003c!-- RECURSEML_SUMMARY:END --\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate security-sensitive dependencies across the monorepo and align internal `web3-*` packages, reducing vulnerabilities and modernizing the stack. Notable upgrades include `uuid@14` (Node 20+), `axios@0.31.1`, and `underscore@1.13.8`.\n\n- **Dependencies**\n  - Bumped `uuid` to `14.0.0` in `web3-eth-accounts` (requires Node 20+, expects global `crypto`).\n  - Upgraded `axios` to `0.31.1` with multiple security hardenings (header sanitization, prototype pollution guards, stream limits, XSRF handling).\n  - Updated core libs: `underscore@1.13.8`, `bn.js@4.12.3`, `minimist@1.2.8`, `js-yaml@3.14.2`, `json-schema@0.4.0`, and related transitive packages.\n  - Aligned internal deps where needed: `web3-core*` and `web3-utils` to `1.10.x`.\n\n- **Migration**\n  - Ensure Node 20+ in runtime/CI if using `web3-eth-accounts` (via `uuid@14`). If not possible, pin `uuid` below `14`.\n  - If your build pulled `axios` from git/Bower, switch to npm or a CDN bundle (dist no longer committed).\n  - After merging, reinstall dependencies to refresh lockfiles.\n\n\u003csup\u003eWritten for commit a8502dcb1de3f6d24ddf1f1814402d89bf5611bd. Summary will update on new commits. \u003ca href=\"https://cubic.dev/pr/Cyptopimpinainteazy/DEXTOOLSweb3.js/pull/6?utm_source=github\"\u003eReview in cubic\u003c/a\u003e\u003c/sup\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/Cyptopimpinainteazy/DEXTOOLSweb3.js/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyptopimpinainteazy%2FDEXTOOLSweb3.js/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"},{"uuid":"4508192982","node_id":"PR_kwDOQXnBqc7enux5","number":16,"state":"closed","title":"chore(deps): Bump the npm_and_yarn group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-31T14:21:46.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-23T12:52:29.000Z","updated_at":"2026-05-31T14:21:47.000Z","time_to_close":696557,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"npm_and_yarn","update_count":7,"packages":[{"name":"multer","old_version":"2.0.2","new_version":"2.1.1","repository_url":"https://github.com/expressjs/multer"},{"name":"@xmldom/xmldom","old_version":"0.8.11","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"qs","old_version":"6.14.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [multer](https://github.com/expressjs/multer) | `2.0.2` | `2.1.1` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.11` | `0.8.13` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [qs](https://github.com/ljharb/qs) | `6.14.2` | `6.15.2` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n\n\nUpdates `multer` from 2.0.2 to 2.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/releases\"\u003emulter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.1\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add node version to 25.x in CI by \u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1377\"\u003eexpressjs/multer#1377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1376\"\u003eexpressjs/multer#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1375\"\u003eexpressjs/multer#1375\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1374\"\u003eexpressjs/multer#1374\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix error/abort handling by \u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1373\"\u003eexpressjs/multer#1373\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e2.1.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1380\"\u003eexpressjs/multer#1380\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\"\u003ehttps://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.1.0\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add funding to package.json by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1346\"\u003eexpressjs/multer#1346\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop mkdirp dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop object-assign dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1351\"\u003eexpressjs/multer#1351\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop xtend dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1352\"\u003eexpressjs/multer#1352\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(gitignore): ignore .nyc_output directory by \u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-vi.md regarding file upload by \u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-pt-br.md for array method by \u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eheaders-support-utf8 by \u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Turkish translation (README-tr.md) by \u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 2.1.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1371\"\u003eexpressjs/multer#1371\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\"\u003ehttps://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/blob/main/CHANGELOG.md\"\u003emulter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix error/abort handling\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003edefParamCharset\u003c/code\u003e option for UTF-8 filename support (\u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/368c8a10cca11854cf17c24029fefd1eafb1c059\"\u003e\u003ccode\u003e368c8a1\u003c/code\u003e\u003c/a\u003e 2.1.1 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1380\"\u003e#1380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752\"\u003e\u003ccode\u003e7e66481\u003c/code\u003e\u003c/a\u003e 🐛 fix recursion issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/643571ef85e9db94b87a777773f4d67156f82a3e\"\u003e\u003ccode\u003e643571e\u003c/code\u003e\u003c/a\u003e ✅ add explicit test for client able to send body without abrupt disconnect\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/e86fa523753f8d54ad0687bf52fb20044b6fa309\"\u003e\u003ccode\u003ee86fa52\u003c/code\u003e\u003c/a\u003e fix error/abort handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/ca37779bf1f531a70af9977805380d0f51d293e2\"\u003e\u003ccode\u003eca37779\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1374\"\u003e#1374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/13088f41e3bf8c3fc21d8c2867ffafb42470ed09\"\u003e\u003ccode\u003e13088f4\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1375\"\u003e#1375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/bc6a1d1374f7ddc9baf9d22bf7c30f831c621e3a\"\u003e\u003ccode\u003ebc6a1d1\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1376\"\u003e#1376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/c496e931263a901ccfc0821ac21768ac23786f77\"\u003e\u003ccode\u003ec496e93\u003c/code\u003e\u003c/a\u003e chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1377\"\u003e#1377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/fa173d30d01f4e18a8be74570b2770c7230b8b05\"\u003e\u003ccode\u003efa173d3\u003c/code\u003e\u003c/a\u003e chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/17d7f5193a237ebfd4c19274c7a6729538b4a9a0\"\u003e\u003ccode\u003e17d7f51\u003c/code\u003e\u003c/a\u003e chore: add node version to 25.x in CI\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/multer/compare/v2.0.2...v2.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.11 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e@​xmldom/xmldom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e@​xmldom/xmldom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.13.7 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.13.7...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ry-ops/ATSFlow/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ry-ops/ATSFlow/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ry-ops%2FATSFlow/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"},{"uuid":"4507760461","node_id":"PR_kwDOM32Evs7emX-q","number":92,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 21 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T10:19:43.000Z","updated_at":"2026-06-07T04:01:35.006Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"axios","old_version":"1.7.5","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"dompurify","old_version":"3.1.6","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"protobufjs","old_version":"7.2.5","new_version":"7.5.8","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"uuid","old_version":"9.0.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"protobufjs-cli","old_version":"1.1.1","new_version":"1.2.1","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.20.11","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"fast-xml-parser","old_version":"4.4.1","new_version":"4.5.6","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.1.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"immutable","old_version":"4.2.3","new_version":"4.3.8","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"protocol-buffers-schema","old_version":"3.6.0","new_version":"3.6.1","repository_url":"https://github.com/mafintosh/protocol-buffers-schema"},{"name":"rollup","old_version":"2.79.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"underscore","old_version":"1.13.6","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"webpack-dev-server","old_version":"4.11.1","new_version":"4.15.2","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the /frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.7.5` | `1.15.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.1.6` | `3.4.0` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.2.5` | `7.5.8` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.0` | `14.0.0` |\n| [protobufjs-cli](https://github.com/protobufjs/protobuf.js) | `1.1.1` | `1.2.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.20.11` | `7.29.4` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.4.1` | `4.5.6` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.1.1` | `3.4.2` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.2.3` | `4.3.8` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [protocol-buffers-schema](https://github.com/mafintosh/protocol-buffers-schema) | `3.6.0` | `3.6.1` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.80.0` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.6` | `1.13.8` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.11.1` | `4.15.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n\n\nUpdates `axios` from 1.7.5 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.5...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.1.6 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution issue when working with custom elements, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a lenient config parsing in \u003ccode\u003e_isValidAttribute\u003c/code\u003e, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped and removed several dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the test suite after bumping dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003eADD_FORBID_CONTENTS\u003c/code\u003e setting to extend default list, thanks \u003ca href=\"https://github.com/MariusRumpf\"\u003e\u003ccode\u003e@​MariusRumpf\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated the ESM import syntax to be more correct, thanks \u003ca href=\"https://github.com/binhpv\"\u003e\u003ccode\u003e@​binhpv\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the SVG \u003ccode\u003emask-type\u003c/code\u003e attribute to default allow-list, thanks \u003ca href=\"https://github.com/prasadrajandran\"\u003e\u003ccode\u003e@​prasadrajandran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded support for \u003ccode\u003eADD_ATTR\u003c/code\u003e and \u003ccode\u003eADD_TAGS\u003c/code\u003e to accept functions, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with the \u003ccode\u003eslot\u003c/code\u003e element being in both SVG and HTML allow-list, thanks \u003ca href=\"https://github.com/Wim-Valgaeren\"\u003e\u003ccode\u003e@​Wim-Valgaeren\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.2.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded new attributes and elements to default allow-list, thanks \u003ca href=\"https://github.com/elrion018\"\u003e\u003ccode\u003e@​elrion018\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003etagName\u003c/code\u003e parameter to custom element \u003ccode\u003eattributeNameCheck\u003c/code\u003e, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded better check for animated \u003ccode\u003ehref\u003c/code\u003e attributes, thanks \u003ca href=\"https://github.com/llamakko\"\u003e\u003ccode\u003e@​llamakko\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated and improved the bundled types, thanks \u003ca href=\"https://github.com/ssi02014\"\u003e\u003ccode\u003e@​ssi02014\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated several tests to better align with new browser encoding behaviors\u003c/li\u003e\n\u003cli\u003eImproved the handling of potentially risky content inside CDATA elements, thanks \u003ca href=\"https://github.com/securityMB\"\u003e\u003ccode\u003e@​securityMB\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/terjanq\"\u003e\u003ccode\u003e@​terjanq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved the regular expression for raw-text elements to cover textareas, thanks \u003ca href=\"https://github.com/securityMB\"\u003e\u003ccode\u003e@​securityMB\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/terjanq\"\u003e\u003ccode\u003e@​terjanq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.2.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.1.6...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.2.5 to 7.5.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.8\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8\"\u003e7.5.8\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e54b593f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eprotobufjs: v7.5.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.8/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8\"\u003e7.5.8\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e54b593f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/d7035f9b7f06210ea343cab1f2f1cc18ee5cc1d6\"\u003e\u003ccode\u003ed7035f9\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e\u003ccode\u003e54b593f\u003c/code\u003e\u003c/a\u003e fix: Backport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.2.5...protobufjs-v7.5.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 9.0.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v9.0.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs-cli` from 1.1.1 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs-cli's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs-cli: v1.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.2.0...protobufjs-cli-v1.2.1\"\u003e1.2.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs-cli: v1.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.4...protobufjs-cli-v1.2.0\"\u003e1.2.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a84409b47f9ba0dba56da1af8054fb54f85d85a1\"\u003ea84409b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9c5a178c4b59e0aa65ecac0bd7420171213b2ff9\"\u003e9c5a178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b2c686721e3b63d092419fa1cbe58e1deb89534e\"\u003eb2c6867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/60f3e51087ca2c247473410f39331e1c766aefef\"\u003e60f3e51\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a6563617de04d510d6e8865eb6c5067f10247f64\"\u003ea656361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1af8454538b63d58b822ea9d20b935f2ac9f158c\"\u003e1af8454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a9ffc8a7b593209642fc9d89e884ac6c4e746494\"\u003ea9ffc8a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution for protobuf editions (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/547afa26f76e22e5463a17aec082b0b60cd951d8\"\u003e547afa2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eapi_converters_editions tests added and run successfully\u0026quot; (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b4b5ca468fcde2082d65a72b508f18d07d75245c\"\u003eb4b5ca4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eincrease size of file that protobufjs CLI can process (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/00d5f1aca4d7959068f52fd11767c21b483e75bb\"\u003e00d5f1a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eincrease size of file that protobufjs CLI can process (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/d36ef0faeae9a9ec655747cb650571bdd9b1243b\"\u003ed36ef0f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs-cli: v1.1.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.3...protobufjs-cli-v1.1.4\"\u003e1.1.4\u003c/a\u003e (2024-08-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einclude (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/28e333415d3c85687810e164125997d17baba0bd\"\u003e28e3334\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs-cli: v1.1.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.2...protobufjs-cli-v1.1.3\"\u003e1.1.3\u003c/a\u003e (2024-08-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehandle nullability for optional fields (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/59569c12c85c1c7b783ace9a71775b1d05a08e9c\"\u003e59569c1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs-cli: v1.1.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.1...protobufjs-cli-v1.1.2\"\u003e1.1.2\u003c/a\u003e (2023-08-21)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epossible infinite loop when parsing option (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/1923\"\u003e#1923\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f2a86201799af5842e1339c22950abbb3db00f51\"\u003ef2a8620\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482\"\u003e\u003ccode\u003e086b19d\u003c/code\u003e\u003c/a\u003e fix: do not allow setting \u003cstrong\u003eproto\u003c/strong\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041\"\u003e\u003ccode\u003e827ff8e\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e\u003ccode\u003e5a3769a\u003c/code\u003e\u003c/a\u003e fix: invalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f42297b29d15c8e0382744a83f5147a1aa978f42\"\u003e\u003ccode\u003ef42297b\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2076\"\u003e#2076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.1...protobufjs-cli-v1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs-cli since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.20.11 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca hre...\n\n_Description has been truncated_","html_url":"https://github.com/Bonniemarie216/streamlit/pull/92","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bonniemarie216%2Fstreamlit/issues/92","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/92/packages"},{"uuid":"4505809996","node_id":"PR_kwDOBTb13s7egWqB","number":159,"state":"closed","title":"build(deps): bump the web-npm-security-minor-patch group across 1 directory with 23 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T23:56:14.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T21:56:29.000Z","updated_at":"2026-05-22T23:56:15.000Z","time_to_close":7185,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"web-npm-security-minor-patch","update_count":23,"packages":[{"name":"underscore","old_version":"1.12.1","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"@babel/runtime","old_version":"7.6.0","new_version":"7.29.2","repository_url":"https://github.com/babel/babel"},{"name":"@babel/traverse","old_version":"7.2.3","new_version":"7.29.0","repository_url":"https://github.com/babel/babel"},{"name":"browserify-sign","old_version":"4.0.4","new_version":"4.2.5","repository_url":"https://github.com/crypto-browserify/browserify-sign"},{"name":"cipher-base","old_version":"1.0.4","new_version":"1.0.7","repository_url":"https://github.com/crypto-browserify/cipher-base"},{"name":"decode-uri-component","old_version":"0.2.0","new_version":"0.2.2","repository_url":"https://github.com/SamVerschueren/decode-uri-component"},{"name":"qs","old_version":"6.5.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"body-parser","old_version":"1.18.3","new_version":"1.20.5","repository_url":"https://github.com/expressjs/body-parser"},{"name":"handlebars","old_version":"4.5.3","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"immutable","old_version":"5.1.3","new_version":"5.1.5","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"tmp","old_version":"0.0.33","new_version":"0.2.5","repository_url":"https://github.com/raszi/node-tmp"}],"path":null,"ecosystem":"npm"},"body":"Bumps the web-npm-security-minor-patch group with 11 updates in the /web directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.12.1` | `1.13.8` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.6.0` | `7.29.2` |\n| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.2.3` | `7.29.0` |\n| [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.5` |\n| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.15.2` |\n| [body-parser](https://github.com/expressjs/body-parser) | `1.18.3` | `1.20.5` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.5.3` | `4.7.9` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `5.1.3` | `5.1.5` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.0.33` | `0.2.5` |\n\n\nUpdates `underscore` from 1.12.1 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.12.1...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/runtime` from 7.6.0 to 7.29.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/runtime's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17789\"\u003e#17789\u003c/a\u003e [7.x backport] preset-env include/exclude should accept bugfix plugins (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17813\"\u003e#17813\u003c/a\u003e chore: update eslint peer deps (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 2\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.1 (2026-02-04)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17771\"\u003e#17771\u003c/a\u003e [7.x backport] fix: ensure \u003ccode\u003etargets.esmodules\u003c/code\u003e is validated (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17776\"\u003e#17776\u003c/a\u003e [7.x backport] Fix undefined when 64 indents (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 2\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.0 (2026-01-31)\u003c/h2\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e for your first PR!\u003c/p\u003e\n\u003ch4\u003e:rocket: New Feature\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-types\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17750\"\u003e#17750\u003c/a\u003e [7.x backport] Add attributes import declaration builder (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17663\"\u003e#17663\u003c/a\u003e [7.x backport] feat(standalone): export async transform (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17725\"\u003e#17725\u003c/a\u003e [7.x backport] feat: read standalone targets from data-targets (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17765\"\u003e#17765\u003c/a\u003e fix(parser): correctly parse type assertions in \u003ccode\u003eextends\u003c/code\u003e clause (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17723\"\u003e#17723\u003c/a\u003e [7.x backport] fix(parser): improve super type argument parsing (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17708\"\u003e#17708\u003c/a\u003e fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (\u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-block-scoping\u003c/code\u003e, \u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17737\"\u003e#17737\u003c/a\u003e [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (\u003ca href=\"https://github.com/magic-akari\"\u003e\u003ccode\u003e@​magic-akari\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/37d5595fca9f188f0534458180611f2e776acd31\"\u003e\u003ccode\u003e37d5595\u003c/code\u003e\u003c/a\u003e v7.29.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/d7f400889567ae18ef9ac41b024b5120f6060e17\"\u003e\u003ccode\u003ed7f4008\u003c/code\u003e\u003c/a\u003e v7.28.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/35055e392079a65830b7bf5b1d1c1fc4de90a78f\"\u003e\u003ccode\u003e35055e3\u003c/code\u003e\u003c/a\u003e v7.28.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/ef155f5ca83c73dbc1ea8d95216830b7dc3b0ac2\"\u003e\u003ccode\u003eef155f5\u003c/code\u003e\u003c/a\u003e v7.28.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cac0ff4c3426eed30b4d27e7971b348da7c9f1e6\"\u003e\u003ccode\u003ecac0ff4\u003c/code\u003e\u003c/a\u003e v7.28.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/f68ac511f091f6d1f698e8ce59cd668d3bfc6102\"\u003e\u003ccode\u003ef68ac51\u003c/code\u003e\u003c/a\u003e chore: Avoid CITGM errors (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/17382\"\u003e#17382\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/baa4cb8b9f8a551d7dae9042b19ea2f74df6b110\"\u003e\u003ccode\u003ebaa4cb8\u003c/code\u003e\u003c/a\u003e v7.27.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/7d069309fdfcedda2928a043f6f7c98135c1242a\"\u003e\u003ccode\u003e7d06930\u003c/code\u003e\u003c/a\u003e v7.27.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/5b9468d9bf1ab4f427241673e9f03593da115a69\"\u003e\u003ccode\u003e5b9468d\u003c/code\u003e\u003c/a\u003e Reduce \u003ccode\u003eregenerator\u003c/code\u003e size more (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/17287\"\u003e#17287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cb78b5b50e327e27467086cf8bbe196bda7cea9b\"\u003e\u003ccode\u003ecb78b5b\u003c/code\u003e\u003c/a\u003e [babel 8] Do not replace global \u003ccode\u003eregeneratorRuntime\u003c/code\u003e references in regenerato...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.2/packages/babel-runtime\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/runtime\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/traverse` from 7.2.3 to 7.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/traverse's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.0 (2026-01-31)\u003c/h2\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e for your first PR!\u003c/p\u003e\n\u003ch4\u003e:rocket: New Feature\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-types\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17750\"\u003e#17750\u003c/a\u003e [7.x backport] Add attributes import declaration builder (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17663\"\u003e#17663\u003c/a\u003e [7.x backport] feat(standalone): export async transform (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17725\"\u003e#17725\u003c/a\u003e [7.x backport] feat: read standalone targets from data-targets (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17765\"\u003e#17765\u003c/a\u003e fix(parser): correctly parse type assertions in \u003ccode\u003eextends\u003c/code\u003e clause (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17723\"\u003e#17723\u003c/a\u003e [7.x backport] fix(parser): improve super type argument parsing (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17708\"\u003e#17708\u003c/a\u003e fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (\u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-block-scoping\u003c/code\u003e, \u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17737\"\u003e#17737\u003c/a\u003e [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (\u003ca href=\"https://github.com/magic-akari\"\u003e\u003ccode\u003e@​magic-akari\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17642\"\u003e#17642\u003c/a\u003e [Babel 7] Improve generator performance (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eDavid (\u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magic-akari\"\u003e\u003ccode\u003e@​magic-akari\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.28.6 (2026-01-12)\u003c/h2\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/kadhirash\"\u003e\u003ccode\u003e@​kadhirash\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/kolvian\"\u003e\u003ccode\u003e@​kolvian\u003c/code\u003e\u003c/a\u003e for your first PRs!\u003c/p\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-cli\u003c/code\u003e, \u003ccode\u003ebabel-code-frame\u003c/code\u003e, \u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-helper-check-duplicate-nodes\u003c/code\u003e, \u003ccode\u003ebabel-helper-fixtures\u003c/code\u003e, \u003ccode\u003ebabel-helper-plugin-utils\u003c/code\u003e, \u003ccode\u003ebabel-node\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-flow-comments\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-modules-commonjs\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-property-mutators\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-traverse\u003c/code\u003e, \u003ccode\u003ebabel-types\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17589\"\u003e#17589\u003c/a\u003e Improve Unicode handling in code-frame tokenizer (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-regenerator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17556\"\u003e#17556\u003c/a\u003e fix: \u003ccode\u003etransform-regenerator\u003c/code\u003e correctly handles scope (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-react-jsx\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17538\"\u003e#17538\u003c/a\u003e fix: Keep jsx comments (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17606\"\u003e#17606\u003c/a\u003e Polish(standalone): improve message on invalid preset/plugin (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-bugfix-v8-static-class-fields-redefine-readonly\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-attributes-to-assertions\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-async-do-expressions\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-decorators\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-destructuring-private\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-do-expressions\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-explicit-resource-management\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-export-default-from\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-flow\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-function-bind\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-function-sent\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-import-assertions\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-import-attributes\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-import-defer\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-import-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-jsx\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-module-blocks\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-optional-chaining-assign\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-partial-application\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-pipeline-operator\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-throw-expressions\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-typescript\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-to-generator\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-class-properties\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-class-static-block\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-dotall-regex\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-duplicate-named-capturing-groups-regex\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-explicit-resource-management\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-exponentiation-operator\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-strings\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-logical-assignment-operators\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-nullish-coalescing-operator\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-numeric-separator\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-object-rest-spread\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-optional-catch-binding\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-optional-chaining\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-private-methods\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-private-property-in-object\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-regexp-modifiers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-unicode-property-regex\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-unicode-sets-regex\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17580\"\u003e#17580\u003c/a\u003e Allow Babel 8 in compatible Babel 7 plugins (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/84366a8ea453814e732784db74cf2e2b6635eb6f\"\u003e\u003ccode\u003e84366a8\u003c/code\u003e\u003c/a\u003e fix(traverse): provide a hub when traversing a File or Program and no parentP...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/229eb452c5d5d2be0dc138ec2956aff7ff1057d7\"\u003e\u003ccode\u003e229eb45\u003c/code\u003e\u003c/a\u003e [7.x backport] fix: Rename switch discriminant references when body creates s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/d7f400889567ae18ef9ac41b024b5120f6060e17\"\u003e\u003ccode\u003ed7f4008\u003c/code\u003e\u003c/a\u003e v7.28.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/905bc22b2fff23673eabe467815c67b29bf8bba2\"\u003e\u003ccode\u003e905bc22\u003c/code\u003e\u003c/a\u003e fix: lint errors in main branch (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-traverse/issues/17612\"\u003e#17612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a03e2b63ae530674e866b60350b7eb4a5fcb5f59\"\u003e\u003ccode\u003ea03e2b6\u003c/code\u003e\u003c/a\u003e fix: \u003ccode\u003epath.evaluate\u003c/code\u003e correctly returns \u003ccode\u003econfident\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-traverse/issues/17584\"\u003e#17584\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aac2c37e11ad58905f7f9606103074e80bacbbcd\"\u003e\u003ccode\u003eaac2c37\u003c/code\u003e\u003c/a\u003e chore: Use Gulpfile.mts (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-traverse/issues/17579\"\u003e#17579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/65c4a6b3ee0e1d32801529e841572bb22534e1f3\"\u003e\u003ccode\u003e65c4a6b\u003c/code\u003e\u003c/a\u003e [Babel 8] fix: Improve \u003ccode\u003etraverse\u003c/code\u003e types (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-traverse/issues/17574\"\u003e#17574\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/99dcba5e71de3bd81ce14077cfa5b6df58e9b177\"\u003e\u003ccode\u003e99dcba5\u003c/code\u003e\u003c/a\u003e chore: enable some ts-eslint rules (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-traverse/issues/17592\"\u003e#17592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/c92c4919771105140015167f25f7bacac77c90d9\"\u003e\u003ccode\u003ec92c491\u003c/code\u003e\u003c/a\u003e Improve Unicode handling in code-frame tokenizer (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-traverse/issues/17589\"\u003e#17589\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.0/packages/babel-traverse\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/traverse\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `browserify-sign` from 4.0.4 to 4.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md\"\u003ebrowserify-sign's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/compare/v4.2.4...v4.2.5\"\u003ev4.2.5\u003c/a\u003e - 2025-09-24\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] clean up tests and convert console info skips to tape skips \u003ca href=\"https://github.com/browserify/browserify-sign/commit/37b083c602fb6fcd99e0856cba8859dc6f073f3c\"\u003e\u003ccode\u003e37b083c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] restore node 0.10 support \u003ca href=\"https://github.com/browserify/browserify-sign/commit/faade86fe051fc0fb1b59e3694a566116e1e79a7\"\u003e\u003ccode\u003efaade86\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eparse-asn1\u003c/code\u003e \u003ca href=\"https://github.com/browserify/browserify-sign/commit/5a0f159e1d32b5c1088a75dceb301afaf40446f9\"\u003e\u003ccode\u003e5a0f159\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[actions] drop unsupported nodes from CI \u003ca href=\"https://github.com/browserify/browserify-sign/commit/106be97da87f296f187c44b9ee857384153b5068\"\u003e\u003ccode\u003e106be97\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/compare/v4.2.3...v4.2.4\"\u003ev4.2.4\u003c/a\u003e - 2025-09-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[actions] split out node 10-20, and 20+ \u003ca href=\"https://github.com/browserify/browserify-sign/commit/17920d944f04efee7ae2212e4339485ba306b723\"\u003e\u003ccode\u003e17920d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] remove \u003ccode\u003efiles\u003c/code\u003e field \u003ca href=\"https://github.com/browserify/browserify-sign/commit/6d5b280e0496201ba022874c864b0046a74eb45e\"\u003e\u003ccode\u003e6d5b280\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003ebn.js\u003c/code\u003e, \u003ccode\u003ebrowserify-rsa\u003c/code\u003e, \u003ccode\u003eelliptic\u003c/code\u003e \u003ca href=\"https://github.com/browserify/browserify-sign/commit/31be0c2459e1aad5158f72576c057603bf8527b6\"\u003e\u003ccode\u003e31be0c2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003esemver\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e \u003ca href=\"https://github.com/browserify/browserify-sign/commit/5f6698211aa1d6dddaba8c245f40f63ae28924a3\"\u003e\u003ccode\u003e5f66982\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] replace \u003ccode\u003eaud\u003c/code\u003e with \u003ccode\u003enpm audit\u003c/code\u003e \u003ca href=\"https://github.com/browserify/browserify-sign/commit/d44b24d8691d699ccc76780b106fe9c1bf0d1558\"\u003e\u003ccode\u003ed44b24d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] add missing peer dep \u003ca href=\"https://github.com/browserify/browserify-sign/commit/ab975f4845ea5c931df037e7f0df60f045335ae7\"\u003e\u003ccode\u003eab975f4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] revert 9e2bf12, now that v3.1.1 is out \u003ca href=\"https://github.com/browserify/browserify-sign/commit/428cf7f3f0d09f1b39312e5e51620ca684b5c1ac\"\u003e\u003ccode\u003e428cf7f\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/compare/v4.2.2...v4.2.3\"\u003ev4.2.3\u003c/a\u003e - 2024-03-05\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[patch] widen support to 0.12 \u003ca href=\"https://github.com/browserify/browserify-sign/commit/9247adfd261ededfec1c036c9d8f36c4e9f87c0e\"\u003e\u003ccode\u003e9247adf\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[patch] drop minimum node support to v1 \u003ca href=\"https://github.com/browserify/browserify-sign/commit/4d0ee49ae2dc238b877dce9aed7e23fb4cb5088d\"\u003e\u003ccode\u003e4d0ee49\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eaud\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e \u003ca href=\"https://github.com/browserify/browserify-sign/commit/87f3a35a587b377da2c1987af8d41c57b5afe0a5\"\u003e\u003ccode\u003e87f3a35\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[actions] remove redundant finisher \u003ca href=\"https://github.com/browserify/browserify-sign/commit/37a475856843b7d1b2403fdafac0024ba252e579\"\u003e\u003ccode\u003e37a4758\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] pin \u003ccode\u003ehash-base\u003c/code\u003e to ~3.0, due to a breaking change \u003ca href=\"https://github.com/browserify/browserify-sign/commit/9e2bf122b70970cb92f69d53e963f18299f14d66\"\u003e\u003ccode\u003e9e2bf12\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eparse-asn1 [\u003c/code\u003ef427270`](\u003ca href=\"https://github.com/browserify/browserify-sign/commit/f427270ac11dc6be29f87d7afb046c16376a5a9c\"\u003ehttps://github.com/browserify/browserify-sign/commit/f427270ac11dc6be29f87d7afb046c16376a5a9c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eelliptic\u003c/code\u003e \u003ca href=\"https://github.com/browserify/browserify-sign/commit/fb261cea57f92b3d98bc4d8bc6228c43a5de2e91\"\u003e\u003ccode\u003efb261ce\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] pin \u003ccode\u003eelliptic\u003c/code\u003e due to a breaking change \u003ca href=\"https://github.com/browserify/browserify-sign/commit/168e16fcb54886a0281b0c983e1482a097042684\"\u003e\u003ccode\u003e168e16f\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/compare/v4.2.1...v4.2.2\"\u003ev4.2.2\u003c/a\u003e - 2023-10-25\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] log when openssl doesn't support cipher \u003ca href=\"https://redirect.github.com/browserify/browserify-sign/issues/37\"\u003e\u003ccode\u003e[#37](https://github.com/crypto-browserify/browserify-sign/issues/37)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/browserify/browserify-sign/commit/09a89959393b3c89fedd4f7f3bafa4fec44371d7\"\u003e\u003ccode\u003e09a8995\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] switch to eslint \u003ca href=\"https://github.com/browserify/browserify-sign/commit/83fe46374b819e959d56d2c0b931308f7451a664\"\u003e\u003ccode\u003e83fe463\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/browserify/browserify-sign/commit/44181838e7dcc4d5d0c568f74312ea28f0bcdfd5\"\u003e\u003ccode\u003e4418183\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix package.json indentation \u003ca href=\"https://github.com/browserify/browserify-sign/commit/9ac5a5eaaac8a11eb70ec2febd13745c8764ae02\"\u003e\u003ccode\u003e9ac5a5e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] migrate from travis to github actions \u003ca href=\"https://github.com/browserify/browserify-sign/commit/d845d855def38e2085d5a21e447a48300f99fa60\"\u003e\u003ccode\u003ed845d85\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003esign\u003c/code\u003e: throw on unsupported padding scheme \u003ca href=\"https://github.com/browserify/browserify-sign/commit/8767739a4516289568bcce9fed8a3b7e23478de9\"\u003e\u003ccode\u003e8767739\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] properly check the upper bound for DSA signatures \u003ca href=\"https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30\"\u003e\u003ccode\u003e85994cd\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] handle openSSL not supporting a scheme \u003ca href=\"https://github.com/browserify/browserify-sign/commit/f5f17c27f9824de40b5ce8ebd8502111203fd6af\"\u003e\u003ccode\u003ef5f17c2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/d3a7458af692134219fce56a082068f678e12474\"\u003e\u003ccode\u003ed3a7458\u003c/code\u003e\u003c/a\u003e v4.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/37b083c602fb6fcd99e0856cba8859dc6f073f3c\"\u003e\u003ccode\u003e37b083c\u003c/code\u003e\u003c/a\u003e [Tests] clean up tests and convert console info skips to tape skips\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/faade86fe051fc0fb1b59e3694a566116e1e79a7\"\u003e\u003ccode\u003efaade86\u003c/code\u003e\u003c/a\u003e [Fix] restore node 0.10 support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/5a0f159e1d32b5c1088a75dceb301afaf40446f9\"\u003e\u003ccode\u003e5a0f159\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003eparse-asn1\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/106be97da87f296f187c44b9ee857384153b5068\"\u003e\u003ccode\u003e106be97\u003c/code\u003e\u003c/a\u003e [actions] drop unsupported nodes from CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/9c371720efd60af4e08f83df4cd612a6ed135cec\"\u003e\u003ccode\u003e9c37172\u003c/code\u003e\u003c/a\u003e v4.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/6d5b280e0496201ba022874c864b0046a74eb45e\"\u003e\u003ccode\u003e6d5b280\u003c/code\u003e\u003c/a\u003e [meta] remove \u003ccode\u003efiles\u003c/code\u003e field\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/17920d944f04efee7ae2212e4339485ba306b723\"\u003e\u003ccode\u003e17920d9\u003c/code\u003e\u003c/a\u003e [actions] split out node 10-20, and 20+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/31be0c2459e1aad5158f72576c057603bf8527b6\"\u003e\u003ccode\u003e31be0c2\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003ebn.js\u003c/code\u003e, \u003ccode\u003ebrowserify-rsa\u003c/code\u003e, \u003ccode\u003eelliptic\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/ab975f4845ea5c931df037e7f0df60f045335ae7\"\u003e\u003ccode\u003eab975f4\u003c/code\u003e\u003c/a\u003e [Dev Deps] add missing peer dep\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crypto-browserify/browserify-sign/compare/v4.0.4...v4.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for browserify-sign since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cipher-base` from 1.0.4 to 1.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md\"\u003ecipher-base's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.6...v1.0.7\"\u003ev1.0.7\u003c/a\u003e - 2025-09-24\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.5...v1.0.6\"\u003ev1.0.6\u003c/a\u003e - 2024-11-26\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] io.js 3.0 - Node.js 5.3 typed array support \u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.4...v1.0.5\"\u003ev1.0.5\u003c/a\u003e - 2024-11-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] standard -\u0026gt; eslint, make test dir, etc \u003ca href=\"https://github.com/browserify/cipher-base/commit/ae02fd6624c41ac4ac18077be797111d1955bc76\"\u003e\u003ccode\u003eae02fd6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/browserify/cipher-base/commit/66387d71461287ad9067bb1bcbfdc47403a33ee7\"\u003e\u003ccode\u003e66387d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix package.json indentation \u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] return valid values on multi-byte-wide TypedArray input \u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/browserify/cipher-base/commit/42528f291db16bf2e7d5f831ebe2ad87fd0b1f42\"\u003e\u003ccode\u003e42528f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003einherits\u003c/code\u003e, \u003ccode\u003esafe-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/0e7a2d9a33a391e82fa9cf512d6e25cc91ab8613\"\u003e\u003ccode\u003e0e7a2d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add missing \u003ccode\u003eengines.node\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/f2dc13e47bbcf3c873db9a9e0f83e5f29d0783fe\"\u003e\u003ccode\u003ef2dc13e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/00567180c846dd3db3848c9223991c58a0d5490c\"\u003e\u003ccode\u003e0056718\u003c/code\u003e\u003c/a\u003e v1.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e [Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f5249f94611506ef35a8be4d48a3fc5ecf1fac63\"\u003e\u003ccode\u003ef5249f9\u003c/code\u003e\u003c/a\u003e v1.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e [Fix] io.js 3.0 - Node.js 5.3 typed array support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f03cebfdad1cba1d56614c58affa303b0fa2a43e\"\u003e\u003ccode\u003ef03cebf\u003c/code\u003e\u003c/a\u003e v1.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e [meta] fix package.json indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e [Fix] return valid values on multi-byte-wide TypedArray input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crypto-browserify/cipher-base/compare/v1.0.4...v1.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for cipher-base since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decode-uri-component` from 0.2.0 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/releases\"\u003edecode-uri-component's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent overwriting previously decoded tokens  980e0bf\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2\"\u003ehttps://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to GitHub workflows  76abc93\u003c/li\u003e\n\u003cli\u003eFix issue where decode throws - fixes \u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/6\"\u003e#6\u003c/a\u003e  746ca5d\u003c/li\u003e\n\u003cli\u003eUpdate license (\u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/1\"\u003e#1\u003c/a\u003e)  486d7e2\u003c/li\u003e\n\u003cli\u003eTidelift tasks  a650457\u003c/li\u003e\n\u003cli\u003eMeta tweaks  66e1c28\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1\"\u003ehttps://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/a0eea469d26eb0df668b081672cdb9581feb78eb\"\u003e\u003ccode\u003ea0eea46\u003c/code\u003e\u003c/a\u003e 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/980e0bf09b64d94f1aa79012f895816c30ffd152\"\u003e\u003ccode\u003e980e0bf\u003c/code\u003e\u003c/a\u003e Prevent overwriting previously decoded tokens\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/3c8a373dd4837e89b3f970e01295dd03e1405a33\"\u003e\u003ccode\u003e3c8a373\u003c/code\u003e\u003c/a\u003e 0.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/76abc939783fe3900fadb7d384a74d324d5557f3\"\u003e\u003ccode\u003e76abc93\u003c/code\u003e\u003c/a\u003e Switch to GitHub workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/746ca5dcb6667c5d364e782d53c542830e4c10b9\"\u003e\u003ccode\u003e746ca5d\u003c/code\u003e\u003c/a\u003e Fix issue where decode throws - fixes \u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/6\"\u003e#6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/486d7e26d3a8c0fbe860fb651fe1bc98c2f2be30\"\u003e\u003ccode\u003e486d7e2\u003c/code\u003e\u003c/a\u003e Update license (\u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/1\"\u003e#1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/a65045724e6234acef87f31da499d4807b20b134\"\u003e\u003ccode\u003ea650457\u003c/code\u003e\u003c/a\u003e Tidelift tasks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/66e1c2834c0e189201cb65196ec3101372459b02\"\u003e\u003ccode\u003e66e1c28\u003c/code\u003e\u003c/a\u003e Meta tweaks\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `elliptic` from 6.5.1 to 6.6.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/9b77436a59cc35eccf4ffb848259c8762a492ee7\"\u003e\u003ccode\u003e9b77436\u003c/code\u003e\u003c/a\u003e 6.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/04cb6f54ce552b3ebde6be06d6050419e1c7333e\"\u003e\u003ccode\u003e04cb6f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/b8a7edd61a0d9bddd0bbf3436a4b476401edbe20\"\u003e\u003ccode\u003eb8a7edd\u003c/code\u003e\u003c/a\u003e 6.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/34c853478cec1be4e37260ed2cb12cdbdc6402cf\"\u003e\u003ccode\u003e34c8534\u003c/code\u003e\u003c/a\u003e fix: signature verification due to leading zeros\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/3e46a48fdd2ef2f89593e5e058d85530578c9761\"\u003e\u003ccode\u003e3e46a48\u003c/code\u003e\u003c/a\u003e 6.5.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11\"\u003e\u003ccode\u003eaccb61e\u003c/code\u003e\u003c/a\u003e lib: DER signature decoding correction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/03e06e135c8e44a2da560fa197d0ba1e1e2759e9\"\u003e\u003ccode\u003e03e06e1\u003c/code\u003e\u003c/a\u003e 6.5.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281\"\u003e\u003ccode\u003e7ac5360\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/75700785ff41bb5d029d19186beff26d4883caa5\"\u003e\u003ccode\u003e7570078\u003c/code\u003e\u003c/a\u003e 6.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/206da2ee373e68466cde353f81fb59ef251b740b\"\u003e\u003ccode\u003e206da2e\u003c/code\u003e\u003c/a\u003e lib: lint\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/elliptic/compare/v6.5.1...v6.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.5.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.5.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `body-parser` from 1.18.3 to 1.20.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/releases\"\u003ebody-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.20.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThe reason for this release is a fix to the extended urlencoded parser returning objects instead of arrays for large array inputs (\u0026gt; 100) on qs@6.14.2+. (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/716\"\u003eexpressjs/body-parser#716\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/692\"\u003eexpressjs/body-parser#692\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correct off-by-one error in parameterCount by \u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/716\"\u003eexpressjs/body-parser#716\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps(qs): bump qs to 6.15.1 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/722\"\u003eexpressjs/body-parser#722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.20.5 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/721\"\u003eexpressjs/body-parser#721\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/716\"\u003eexpressjs/body-parser#716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSpecial thanks to triager \u003ca href=\"https://github.com/krzysdz\"\u003e\u003ccode\u003e@​krzysdz\u003c/code\u003e\u003c/a\u003e for keeping this on our radar and effectively triaging the specific issue!\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/body-parser/compare/1.20.4...1.20.5\"\u003ehttps://github.com/expressjs/body-parser/compare/1.20.4...1.20.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.20.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove redundant depth check by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/538\"\u003eexpressjs/body-parser#538\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js v23 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/553\"\u003eexpressjs/body-parser#553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: restore CI for 1.x branch by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/665\"\u003eexpressjs/body-parser#665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@^6.14.0 by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/664\"\u003eexpressjs/body-parser#664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation and update certain dependencies by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/668\"\u003eexpressjs/body-parser#668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: remove SECURITY.md by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/669\"\u003eexpressjs/body-parser#669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add CodeQL (SAST) by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/670\"\u003eexpressjs/body-parser#670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.20.4 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/672\"\u003eexpressjs/body-parser#672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/body-parser/compare/1.20.3...1.20.4\"\u003ehttps://github.com/expressjs/body-parser/compare/1.20.3...1.20.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.20.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eImportant\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIMPORTANT:\u003c/strong\u003e The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e). \u003ca href=\"https://github.com/expressjs/body-parser/blob/17529513673e39ba79886a7ce3363320cf1c0c50/README.md#depth\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: add support for OSSF scorecard reporting by \u003ca href=\"https://github.com/inigomarquinez\"\u003e\u003ccode\u003e@​inigomarquinez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/522\"\u003eexpressjs/body-parser#522\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: fix errors in ci github action for node 8 and 9 by \u003ca href=\"https://github.com/inigomarquinez\"\u003e\u003ccode\u003e@​inigomarquinez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/523\"\u003eexpressjs/body-parser#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: pin to node@22.4.1 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/527\"\u003eexpressjs/body-parser#527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.12.3 by \u003ca href=\"https://github.com/melikhov-dev\"\u003e\u003ccode\u003e@​melikhov-dev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/521\"\u003eexpressjs/body-parser#521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd OSSF Scorecard badge by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/531\"\u003eexpressjs/body-parser#531\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLinter by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/534\"\u003eexpressjs/body-parser#534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.20.3 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/535\"\u003eexpressjs/body-parser#535\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/blob/1.20.5/HISTORY.md\"\u003ebody-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.20.5 / 2026-04-24\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction\u003c/li\u003e\n\u003cli\u003efix: extended urlencoded parsing of arrays with \u0026gt;100 elements (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: qs@~6.15.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.4 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@~6.14.0\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: http-errors@~2.0.1\u003c/li\u003e\n\u003cli\u003edeps: raw-body@~2.5.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.3 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003eIMPORTANT: The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.2 / 2023-02-21\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix strict json error message on Node.js 19+\u003c/li\u003e\n\u003cli\u003edeps: content-type@~1.0.5\n\u003cul\u003e\n\u003cli\u003eperf: skip value escaping when unnecessary\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: raw-body@2.5.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.1 / 2022-10-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@6.11.0\u003c/li\u003e\n\u003cli\u003eperf: remove unnecessary object clone\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.0 / 2022-04-02\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix error message for json parse whitespace in \u003ccode\u003estrict\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix internal error when inflated body exceeds limit\u003c/li\u003e\n\u003cli\u003ePrevent loss of async hooks context\u003c/li\u003e\n\u003cli\u003ePrevent hanging when request already read\u003c/li\u003e\n\u003cli\u003edeps: depd@2.0.0\n\u003cul\u003e\n\u003cli\u003eReplace internal \u003ccode\u003eeval\u003c/code\u003e usage with \u003ccode\u003eFunction\u003c/code\u003e constructor\u003c/li\u003e\n\u003cli\u003eUse instance methods on \u003ccode\u003eprocess\u003c/code\u003e to check for listeners\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: http-errors@2.0.0\n\u003cul\u003e\n\u003cli\u003edeps: depd@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: statuses@2.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: on-finished@2.4.1\u003c/li\u003e\n\u003cli\u003edeps: qs@6.10.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/0defdbe7f95ad0d3bc007d3a7c59c8c0ab9e6575\"\u003e\u003ccode\u003e0defdbe\u003c/code\u003e\u003c/a\u003e release(patch): 1.20.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/cd0e7a000c53e7be7262d303e57a352b6a00db7f\"\u003e\u003ccode\u003ecd0e7a0\u003c/code\u003e\u003c/a\u003e deps(qs): bump qs to 6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/6f24d7e8bcd9860b136920926ce86da1a7dd1d51\"\u003e\u003ccode\u003e6f24d7e\u003c/code\u003e\u003c/a\u003e fix: correct off-by-one error in parameterCount (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b849bd533d8b4abf5576a3e301f28d9befa05ddd\"\u003e\u003ccode\u003eb849bd5\u003c/code\u003e\u003c/a\u003e deps: qs@~6.14.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/690\"\u003e#690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/2c55e2f712f320a8e8d0f9fcb1d06526d0e401c9\"\u003e\u003ccode\u003e2c55e2f\u003c/code\u003e\u003c/a\u003e refactor(json): simplify strict mode error string construction (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/7db202cac84a001e6566c2dc6516b44db98beff3\"\u003e\u003ccode\u003e7db202c\u003c/code\u003e\u003c/a\u003e 1.20.4 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d8f8adb898676dfdf997b4455e5f9b689b53e989\"\u003e\u003ccode\u003ed8f8adb\u003c/code\u003e\u003c/a\u003e ci: add CodeQL (SAST) (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/6d133c19b3e7c0bb8301959ca1dba283d23d23c3\"\u003e\u003ccode\u003e6d133c1\u003c/code\u003e\u003c/a\u003e chore: remove SECURITY.md (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/669\"\u003e#669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/fcd15355041ada6f37288dd13858d50429016b66\"\u003e\u003ccode\u003efcd1535\u003c/code\u003e\u003c/a\u003e deps: use tilde notation and update certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/668\"\u003e#668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/ec5fa290d25d85e0049757e240249072331eaee6\"\u003e\u003ccode\u003eec5fa29\u003c/code\u003e\u003c/a\u003e deps: qs@~6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/664\"\u003e#664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/body-parser/compare/1.18.3...1.20.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jonchurch\"\u003ejonchurch\u003c/a\u003e, a new releaser for body-parser since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.5.3 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8 - July 27th, 2023\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.7 - February 15th, 2021\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix weird error in integration tests - eb860c0\u003c/li\u003e\n\u003cli\u003efix: check prototype property access in strict-mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1736\"\u003e#1736\u003c/a\u003e) - b6d3de7\u003c/li\u003e\n\u003cli\u003efix: escape property names in compat mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1736\"\u003e#1736\u003c/a\u003e) - f058970\u003c/li\u003e\n\u003cli\u003erefactor: In spec tests, use expectTemplate over equals and shouldThrow (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1683\"\u003e#1683\u003c/a\u003e) - 77825f8\u003c/li\u003e\n\u003cli\u003echore: start testing on Node.js 12 and 13 - 3789a30\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(POSSIBLY) BREAKING CHANGES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ethe changes from version \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md#v460---january-8th-2020\"\u003e4.6.0\u003c/a\u003e now also apply\nin when using the compile-option \u0026quot;strict: true\u0026quot;. Access to prototype properties is forbidden completely by default, specific properties or methods\ncan be allowed via runtime-options. See \u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1633\"\u003e#1633\u003c/a\u003e for details. If you are using Handlebars as documented, you should not be accessing prototype properties\nfrom your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThat is why we only bump the patch version despite mentioning breaking changes.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/wycats/handlebars.js/compare/v4.7.6...v4.7.7\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.6 - April 3rd, 2020\u003c/h2\u003e\n\u003cp\u003eChore/Housekeeping:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/wycats/handlebars.js/issues/1672\"\u003e#1672\u003c/a\u003e - Switch cmd parser to latest minimist (\u003ca href=\"https://api.github.com/users/dougwilson\"\u003e\u003ccode\u003e@​dougwilson\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCompatibility notes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored Node.js compatibility\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/...\n\n_Description has been truncated_","html_url":"https://github.com/elkozmon/zoonavigator/pull/159","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/elkozmon%2Fzoonavigator/issues/159","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/159/packages"},{"uuid":"4505778976","node_id":"PR_kwDOBTb13s7egQUz","number":152,"state":"closed","title":"build(deps): bump the web-npm-minor-patch group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-23T08:43:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T21:48:21.000Z","updated_at":"2026-05-23T08:43:30.000Z","time_to_close":39307,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"web-npm-minor-patch","update_count":9,"packages":[{"name":"file-saver","old_version":"2.0.2","new_version":"2.0.5","repository_url":"https://github.com/eligrey/FileSaver.js"},{"name":"js-beautify","old_version":"1.10.2","new_version":"1.15.4","repository_url":"https://github.com/beautifier/js-beautify"},{"name":"rxjs-compat","old_version":"6.5.3","new_version":"6.6.7"},{"name":"underscore","old_version":"1.12.1","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"@types/underscore","old_version":"1.9.4","new_version":"1.13.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"zone.js","old_version":"0.8.29","new_version":"0.16.2","repository_url":"https://github.com/angular/angular"},{"name":"@types/text-encoding-utf-8","old_version":"1.0.1","new_version":"1.0.5","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"karma-chrome-launcher","old_version":"3.1.0","new_version":"3.2.0","repository_url":"https://github.com/karma-runner/karma-chrome-launcher"},{"name":"sass","old_version":"1.89.2","new_version":"1.100.0","repository_url":"https://github.com/sass/dart-sass"}],"path":null,"ecosystem":"npm"},"body":"Bumps the web-npm-minor-patch group with 9 updates in the /web directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [file-saver](https://github.com/eligrey/FileSaver.js) | `2.0.2` | `2.0.5` |\n| [js-beautify](https://github.com/beautifier/js-beautify) | `1.10.2` | `1.15.4` |\n| rxjs-compat | `6.5.3` | `6.6.7` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.12.1` | `1.13.8` |\n| [@types/underscore](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/underscore) | `1.9.4` | `1.13.0` |\n| [zone.js](https://github.com/angular/angular/tree/HEAD/packages/zone.js) | `0.8.29` | `0.16.2` |\n| [@types/text-encoding-utf-8](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/text-encoding-utf-8) | `1.0.1` | `1.0.5` |\n| [karma-chrome-launcher](https://github.com/karma-runner/karma-chrome-launcher) | `3.1.0` | `3.2.0` |\n| [sass](https://github.com/sass/dart-sass) | `1.89.2` | `1.100.0` |\n\n\nUpdates `file-saver` from 2.0.2 to 2.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eligrey/FileSaver.js/releases\"\u003efile-saver's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.4\u003c/h2\u003e\n\u003cp\u003echanges how it detect safari\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eligrey/FileSaver.js/blob/master/CHANGELOG.md\"\u003efile-saver's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eligrey/FileSaver.js/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-beautify` from 1.10.2 to 1.15.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/beautifier/js-beautify/releases\"\u003ejs-beautify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.3 🌈\u003c/h2\u003e\n\u003cp\u003eDowngrade \u003ccode\u003eglob\u003c/code\u003e to v10.x for Node.js 18.x support\u003c/p\u003e\n\u003ch2\u003ev1.15.2 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.15.1 🌈\u003c/h2\u003e\n\u003ch2\u003eHOTFIX\u003c/h2\u003e\n\u003cp\u003eMerged \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2288\"\u003e#2288\u003c/a\u003e to beautifier.io dropping \u003ccode\u003epolyfill.io\u003c/code\u003e  usage.\u003c/p\u003e\n\u003ch2\u003ev1.15.0 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.11 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.9 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.8 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.6 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.5 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.3\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.2 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.0 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.12.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.11.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/beautifier/js-beautify/blob/main/CHANGELOG.md\"\u003ejs-beautify's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade nopt to v7.x to maintain Node.js v14 compatibility (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2358\"\u003e#2358\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix node 18 support by downgrading glob to v10 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2350\"\u003e#2350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch SNYK-JS-CROSSSPAWN-8303230 issue brought it through old glob package (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease wheels on pypi (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2313\"\u003e#2313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eModuleNotFoundError: No module named 'setuptools.command.test' as of latest setuptools package release (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2301\"\u003e#2301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python]Compatible with setuptools\u0026gt;=72 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2300\"\u003e#2300\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTurn new angular templating off by default in html (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2247\"\u003e#2247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePerf regression in latest release (1.15.0) (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2246\"\u003e#2246\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2219\"\u003e#2219\u003c/a\u003e - formatting of new Angular control flow syntax (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2221\"\u003e#2221\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEditor not working \u003ca href=\"https://beautifier.io/\"\u003ehttps://beautifier.io/\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2201\"\u003e#2201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet nodejs minimum to v14 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInvalid prettification of object with unicode escape character as object key (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2159\"\u003e#2159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003einvalid json being generated with wrap_line_length (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/1932\"\u003e#1932\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump semver and editorconfig (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2161\"\u003e#2161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate editorconfig package (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2160\"\u003e#2160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow to configure the \u0026quot;custom elements as inline elements\u0026quot; behavior (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2113\"\u003e#2113\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire nodejs v12 or greater (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2151\"\u003e#2151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCSS insideNonNestedAtRule generic variable  (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2147\"\u003e#2147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate dependencies (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2145\"\u003e#2145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI build (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2144\"\u003e#2144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2133\"\u003e#2133\u003c/a\u003e Theme Toggle on without_codemirror Mode (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2138\"\u003e#2138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003euse correct variable name (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2135\"\u003e#2135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: Fix a few typos (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for new record types (cont.) (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2118\"\u003e#2118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix - semicolon followed by block statement doesnt have new line (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2117\"\u003e#2117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix formatting related to the \u003c!-- raw HTML omitted --\u003e element (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eissue prettifying (function(){code();{code}})() (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/1852\"\u003e#1852\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDoc: Updates web browser implementation examples (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2107\"\u003e#2107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHTML formatter breaks layout by introducing newlines (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/1989\"\u003e#1989\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGlobs no longer work on Windows in 1.14.5 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/1eab9a1c5e360f375cd77cafc3921ec7558fb705\"\u003e\u003ccode\u003e1eab9a1\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/staging/main' into staging/release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/b8174edb90f0f6fe05372ba61b1fbaa1793af5c3\"\u003e\u003ccode\u003eb8174ed\u003c/code\u003e\u003c/a\u003e Bump version numbers for 1.15.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/0f0b61a18e348087e87c55dd77045f73a393a96f\"\u003e\u003ccode\u003e0f0b61a\u003c/code\u003e\u003c/a\u003e Update Changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/11faca4ea08aaf86f4b547a5b0cf9518592fd8c9\"\u003e\u003ccode\u003e11faca4\u003c/code\u003e\u003c/a\u003e Downgrade nopt to maintain nodejs 14 support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/53bf08942f6dd2f502585ac459c3d98937a0476b\"\u003e\u003ccode\u003e53bf089\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2353\"\u003e#2353\u003c/a\u003e from beautifier/staging/release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/bc8ce4b436d8a42ae8ee0d1da05bdb64fbaad684\"\u003e\u003ccode\u003ebc8ce4b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2352\"\u003e#2352\u003c/a\u003e from beautifier/staging/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/78748ead003a548236f4e106cc66b4df829b7e21\"\u003e\u003ccode\u003e78748ea\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/staging/main' into staging/release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/f37ab9177821df250b1794ddac3f1bcc2a99eaab\"\u003e\u003ccode\u003ef37ab91\u003c/code\u003e\u003c/a\u003e Bump version numbers for 1.15.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/aaeb85b78864f91accae112b325769724e295acd\"\u003e\u003ccode\u003eaaeb85b\u003c/code\u003e\u003c/a\u003e Update Changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/dc9880bc5c376d6371c181824acb5e9b93a26073\"\u003e\u003ccode\u003edc9880b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2350\"\u003e#2350\u003c/a\u003e from weiwei/fix-node-dep\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/beautifier/js-beautify/compare/v1.10.2...v1.15.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rxjs-compat` from 6.5.3 to 6.6.7\n\nUpdates `underscore` from 1.12.1 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.12.1...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/underscore` from 1.9.4 to 1.13.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/underscore\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zone.js` from 0.8.29 to 0.16.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/angular/angular/blob/main/packages/zone.js/CHANGELOG.md\"\u003ezone.js's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e0.16.2 (2026-05-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(zone.js): support vitest patching in zone.js/testing (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/68395\"\u003e#68395\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/62c6e3b\"\u003e62c6e3b\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/68395\"\u003e#68395\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/68395\"\u003e#68395\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(zone.js): allow draining microtasks in \u003ccode\u003ePromise.then\u003c/code\u003e (through flag) (\u003ca href=\"https://github.com/angular/angular/commit/fc6a7ee\"\u003efc6a7ee\u003c/a\u003e), closes \u003ca href=\"https://github.com/angular/issues/45273\"\u003eangular#45273\u003c/a\u003e \u003ca href=\"https://github.com/angular/issues/44446\"\u003eangular#44446\u003c/a\u003e \u003ca href=\"https://github.com/angular/issues/55590\"\u003eangular#55590\u003c/a\u003e \u003ca href=\"https://github.com/angular/issues/51328\"\u003eangular#51328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e0.16.1 (2026-02-18)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(zone.js): support passthrough of Promise.try API (\u003ca href=\"https://github.com/angular/angular/commit/fc557f0\"\u003efc557f0\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/67057\"\u003e#67057\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e0.16.0 (2025-11-19)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(zone.js): Support jasmine v6 (\u003ca href=\"https://github.com/angular/angular/commit/48abe00\"\u003e48abe00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(zone.js): waitForAsync should pass args to the test function (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/61755\"\u003e#61755\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/3c216c1\"\u003e3c216c1\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/61755\"\u003e#61755\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/61717\"\u003e#61717\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/61755\"\u003e#61755\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): Add internal implementation for auto ticking fakeAsync (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/62135\"\u003e#62135\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/0a827f9\"\u003e0a827f9\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/62135\"\u003e#62135\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/62135\"\u003e#62135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): Improve missing proxy zone error for jest imported (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/64497\"\u003e#64497\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/ced2fa5\"\u003eced2fa5\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/64497\"\u003e#64497\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/47603\"\u003e#47603\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/64497\"\u003e#64497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): remove legacy browser support (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/63511\"\u003e#63511\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/2e46596\"\u003e2e46596\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/63511\"\u003e#63511\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/63511\"\u003e#63511\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): remove unused jasmine globalerror monkey patching. (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/63077\"\u003e#63077\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/9aef481\"\u003e9aef481\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/63077\"\u003e#63077\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/63072\"\u003e#63072\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/63077\"\u003e#63077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(zone.js): refactor tests to remove usage of shelljs (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/64042\"\u003e#64042\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/422a3b9\"\u003e422a3b9\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/64042\"\u003e#64042\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/64042\"\u003e#64042\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBREAKING CHANGE\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIE/Non-Chromium Edge are not supported anymore.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/angular/angular/compare/zone.js-0.15.0...zone.js-0.15.1\"\u003e0.15.1\u003c/a\u003e (2025-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e classes that extend Error should retain cause property (\u003ca href=\"https://redirect.github.com/angular/angular/issues/61599\"\u003e#61599\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/ad8931cb4968b2bd25b05dcd3d856ec32e4d7145\"\u003ead8931c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e more robust check for promise-like objects (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57388\"\u003e#57388\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/e608e6cfbbc9fba7c74bfef72f102a502e951e6c\"\u003ee608e6c\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/57385\"\u003e#57385\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e remove \u003ccode\u003eabort\u003c/code\u003e listener once fetch is settled (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57882\"\u003e#57882\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/69763491c3ffb576822b179af3363ec666d43bce\"\u003e6976349\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/angular/angular/compare/zone.js-0.14.10...zone.js-0.15.0\"\u003e0.15.0\u003c/a\u003e (2024-08-15)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e Add support for addition jest functions. (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57280\"\u003e#57280\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/e1240c6f5d9a3d68ccef7ffbf0a0646ad1164cd8\"\u003ee1240c6\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/57277\"\u003e#57277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e Update the default behavior of fakeAsync to flush after the test (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57240\"\u003e#57240\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/70e8b40750e894bc1439713cd508d8bd9fafb7a4\"\u003e70e8b40\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e \u003ccode\u003efakeAsync\u003c/code\u003e will now flush pending timers at the end of\nthe given function by default. To opt-out of this, you can use \u003ccode\u003e{flush: false}\u003c/code\u003e in options parameter of \u003ccode\u003efakeAsync\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/angular/angular/compare/zone.js-0.14.8...zone.js-0.14.10\"\u003e0.14.10\u003c/a\u003e (2024-08-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/angular/angular/commits/zone.js-0.16.2/packages/zone.js\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~google-wombot\"\u003egoogle-wombot\u003c/a\u003e, a new releaser for zone.js since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/text-encoding-utf-8` from 1.0.1 to 1.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/text-encoding-utf-8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/underscore` from 1.9.4 to 1.13.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/underscore\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `karma-chrome-launcher` from 3.1.0 to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/releases\"\u003ekarma-chrome-launcher's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.1...v3.2.0\"\u003e3.2.0\u003c/a\u003e (2023-04-20)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd process.env.ProgramW6432 as root location for binaries (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/12a73dba261c78fdba4aff4dbb741ac87adfed01\"\u003e12a73db\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.0...v3.1.1\"\u003e3.1.1\u003c/a\u003e (2022-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eartificially trigger a release (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/83fdc3ca5666374c677408ed0589e66b1124bec4\"\u003e83fdc3c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/blob/master/CHANGELOG.md\"\u003ekarma-chrome-launcher's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.1...v3.2.0\"\u003e3.2.0\u003c/a\u003e (2023-04-20)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd process.env.ProgramW6432 as root location for binaries (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/12a73dba261c78fdba4aff4dbb741ac87adfed01\"\u003e12a73db\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.0...v3.1.1\"\u003e3.1.1\u003c/a\u003e (2022-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eartificially trigger a release (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/83fdc3ca5666374c677408ed0589e66b1124bec4\"\u003e83fdc3c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/e92a2b4c19d43fe47a3322a31f72d2a5bfcf77b0\"\u003e\u003ccode\u003ee92a2b4\u003c/code\u003e\u003c/a\u003e chore(release): 3.2.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/12a73dba261c78fdba4aff4dbb741ac87adfed01\"\u003e\u003ccode\u003e12a73db\u003c/code\u003e\u003c/a\u003e feat: add process.env.ProgramW6432 as root location for binaries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/d193ef328ed9cb6474b59137e106cf67319f5262\"\u003e\u003ccode\u003ed193ef3\u003c/code\u003e\u003c/a\u003e build(deps): bump semver-regex from 3.1.3 to 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/d1c05e372a4c3f1c784257f4127bab1ff0460afe\"\u003e\u003ccode\u003ed1c05e3\u003c/code\u003e\u003c/a\u003e build(deps): bump engine.io and karma\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/3f0cd9985703fae99d123530600c248f0df9209a\"\u003e\u003ccode\u003e3f0cd99\u003c/code\u003e\u003c/a\u003e build(deps): bump qs and body-parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/5f3cbb1df8a95ab212c8dbb8ff1f03efbaf9a3c6\"\u003e\u003ccode\u003e5f3cbb1\u003c/code\u003e\u003c/a\u003e chore(release): 3.1.1 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/83fdc3ca5666374c677408ed0589e66b1124bec4\"\u003e\u003ccode\u003e83fdc3c\u003c/code\u003e\u003c/a\u003e fix: artificially trigger a release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/4dc0bd282c9a20e8ebdbbb0b636816959f498195\"\u003e\u003ccode\u003e4dc0bd2\u003c/code\u003e\u003c/a\u003e docs: fix Karma's url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/5400b23199c682bc6bc00739fd6a8d9f6c520bed\"\u003e\u003ccode\u003e5400b23\u003c/code\u003e\u003c/a\u003e docs: explain testing, linting and commit linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/d2ad8c69f7f88e479ac6b40e4e699232d8a675c3\"\u003e\u003ccode\u003ed2ad8c6\u003c/code\u003e\u003c/a\u003e build: disallow \u003ccode\u003echore\u003c/code\u003e type commits\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.0...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sass` from 1.89.2 to 1.100.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sass/dart-sass/releases\"\u003esass's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDart Sass 1.100.0\u003c/h2\u003e\n\u003cp\u003eTo install Sass 1.100.0, download one of the packages below and \u003ca href=\"https://katiek2.github.io/path-doc/\"\u003eadd it to your PATH\u003c/a\u003e, or see \u003ca href=\"https://sass-lang.com/install\"\u003ethe Sass website\u003c/a\u003e for full installation instructions.\u003c/p\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eWriting two compound selectors adjacent to one another without any whitespace between them, such as \u003ccode\u003e[class]a\u003c/code\u003e, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/adjacent-compounds\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#11000\"\u003efull changelog\u003c/a\u003e for changes in earlier releases.\u003c/p\u003e\n\u003ch2\u003eDart Sass 1.99.0\u003c/h2\u003e\n\u003cp\u003eTo install Sass 1.99.0, download one of the packages below and \u003ca href=\"https://katiek2.github.io/path-doc/\"\u003eadd it to your PATH\u003c/a\u003e, or see \u003ca href=\"https://sass-lang.com/install\"\u003ethe Sass website\u003c/a\u003e for full installation instructions.\u003c/p\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for parent selectors (\u003ccode\u003e\u0026amp;\u003c/code\u003e) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Selectors/Nesting_selector#using_outside_nested_rule\"\u003ethe scoping root\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003ecalc\u003c/code\u003e or \u003ccode\u003eclamp\u003c/code\u003e are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in \u003ccode\u003ecalc()\u003c/code\u003e or \u003ccode\u003eclamp()\u003c/code\u003e function.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-expression\u003c/code\u003e, \u003ccode\u003e-url\u003c/code\u003e, \u003ccode\u003e-and\u003c/code\u003e, \u003ccode\u003e-or\u003c/code\u003e, or \u003ccode\u003e-not\u003c/code\u003e are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003eEXPRESSION\u003c/code\u003e, \u003ccode\u003eURL\u003c/code\u003e, and \u003ccode\u003eELEMENT\u003c/code\u003e, those that begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-ELEMENT\u003c/code\u003e, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn a future release, calls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-expression\u003c/code\u003e and \u003ccode\u003e-url\u003c/code\u003e will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCalls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-progid:...\u003c/code\u003e are deprecated.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1990\"\u003efull changelog\u003c/a\u003e for changes in earlier releases.\u003c/p\u003e\n\u003ch2\u003eDart Sass 1.98.0\u003c/h2\u003e\n\u003cp\u003eTo install Sass 1.98.0, download one of the packages below and \u003ca href=\"https://katiek2.github.io/path-doc/\"\u003eadd it to your PATH\u003c/a\u003e, or see \u003ca href=\"https://sass-lang.com/install\"\u003ethe Sass website\u003c/a\u003e for full installation instructions.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sass/dart-sass/blob/main/CHANGELOG.md\"\u003esass's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.100.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eWriting two compound selectors adjacent to one another without any whitespace\nbetween them, such as \u003ccode\u003e[class]a\u003c/code\u003e, is now deprecated. This was always an error\nin CSS and Sass only supported it by mistake.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/adjacent-compounds\"\u003ethe Sass website\u003c/a\u003e for\ndetails.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.99.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for parent selectors (\u003ccode\u003e\u0026amp;\u003c/code\u003e) at the root of the document. These are\nemitted as-is in the CSS output, where they're interpreted as \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Selectors/Nesting_selector#using_outside_nested_rule\"\u003ethe scoping\nroot\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003ecalc\u003c/code\u003e or \u003ccode\u003eclamp\u003c/code\u003e are no longer forbidden. If\nsuch a function exists without a namespace in the current module, it will be\nused instead of the built-in \u003ccode\u003ecalc()\u003c/code\u003e or \u003ccode\u003eclamp()\u003c/code\u003e function.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-expression\u003c/code\u003e,\n\u003ccode\u003e-url\u003c/code\u003e, \u003ccode\u003e-and\u003c/code\u003e, \u003ccode\u003e-or\u003c/code\u003e, or \u003ccode\u003e-not\u003c/code\u003e are no longer forbidden. These were\noriginally intended to match vendor prefixes, but in practice no vendor\nprefixes for these functions ever existed in real browsers.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003eEXPRESSION\u003c/code\u003e, \u003ccode\u003eURL\u003c/code\u003e, and \u003ccode\u003eELEMENT\u003c/code\u003e, those that\nbegin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-ELEMENT\u003c/code\u003e, as well as the same names with some\nlowercase letters are now deprecated, These are names conflict with plain CSS\nfunctions that have special syntax.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn a future release, calls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end\nwith \u003ccode\u003e-expression\u003c/code\u003e and \u003ccode\u003e-url\u003c/code\u003e will no longer have special parsing. For now,\nthese calls are deprecated if their behavior will change in the future.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCalls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-progid:...\u003c/code\u003e are\ndeprecated.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.98.0\u003c/h2\u003e\n\u003ch3\u003eCommand-Line Interface\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGracefully handle dependency loops in \u003ccode\u003e--watch\u003c/code\u003e mode.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/5fd18c75e31a855476059fb6fb0c6aa829292739\"\u003e\u003ccode\u003e5fd18c7\u003c/code\u003e\u003c/a\u003e Bump node engine requirement to \u0026gt;=20.19.0 and chokidar requirement to ^5.0.0 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/8c1d984e420d891c9c92ba1afc8b28e70a2afb78\"\u003e\u003ccode\u003e8c1d984\u003c/code\u003e\u003c/a\u003e Deprecate adjacent compound selectors (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2765\"\u003e#2765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/8e5f7180b4f3de4281d3454090548c03e9db8135\"\u003e\u003ccode\u003e8e5f718\u003c/code\u003e\u003c/a\u003e Bump postcss from 8.5.12 to 8.5.13 in /pkg/sass-parser (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2767\"\u003e#2767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/1447f9b42e89d693ce308bad9cbf8ec3e1db78c4\"\u003e\u003ccode\u003e1447f9b\u003c/code\u003e\u003c/a\u003e Bump postcss from 8.5.8 to 8.5.12 in /pkg/sass-parser (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2766\"\u003e#2766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/83c39fec93ab0dc183a46cff2bc468999ce53e20\"\u003e\u003ccode\u003e83c39fe\u003c/code\u003e\u003c/a\u003e Support the top-level parent selector (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2758\"\u003e#2758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/ec85871864ca16f8045e66ad329bd462e791bfa1\"\u003e\u003ccode\u003eec85871\u003c/code\u003e\u003c/a\u003e Bump EndBug/add-and-commit from 9 to 10 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2756\"\u003e#2756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/a604acd19ad2ce31ef2efe9aa5950b0c5fcc74a9\"\u003e\u003ccode\u003ea604acd\u003c/code\u003e\u003c/a\u003e [Function Name] Implement changes (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2731\"\u003e#2731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/5a81ae3348caab2131ee08c8c0141337420372b5\"\u003e\u003ccode\u003e5a81ae3\u003c/code\u003e\u003c/a\u003e Bump version to 1.98.0 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2754\"\u003e#2754\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/e25e71ddd86b29b6a91f189a1211656081d1932a\"\u003e\u003ccode\u003ee25e71d\u003c/code\u003e\u003c/a\u003e Update immutable to v5.1.5 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2753\"\u003e#2753\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/43fac1a989ce2a9ee66d95d99f739881462ee3a8\"\u003e\u003ccode\u003e43fac1a\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2747\"\u003e#2747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sass/dart-sass/compare/1.89.2...1.100.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for sass since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/elkozmon/zoonavigator/pull/152","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/elkozmon%2Fzoonavigator/issues/152","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/152/packages"},{"uuid":"4479645509","node_id":"PR_kwDOJEmqjs7dLl_R","number":942,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","no-pr-activity","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T17:41:03.000Z","updated_at":"2026-05-27T01:26:46.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":20,"packages":[{"name":"fastify","old_version":"4.29.0","new_version":"5.8.5","repository_url":"https://github.com/fastify/fastify"},{"name":"undici","old_version":"6.20.1","new_version":"6.24.0","repository_url":"https://github.com/nodejs/undici"},{"name":"@protobufjs/utf8","old_version":"1.1.0","new_version":"1.1.1","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"ajv","old_version":"8.17.1","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"defu","old_version":"6.1.4","new_version":"6.1.7","repository_url":"https://github.com/unjs/defu"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"h3","old_version":"1.13.0","new_version":"1.15.11","repository_url":"https://github.com/h3js/h3"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"markdown-it","old_version":"14.1.0","new_version":"14.1.1","repository_url":"https://github.com/markdown-it/markdown-it"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"pbkdf2","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/browserify/pbkdf2"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"rollup","old_version":"4.28.1","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastify](https://github.com/fastify/fastify) | `4.29.0` | `5.8.5` |\n| [undici](https://github.com/nodejs/undici) | `6.20.1` | `6.24.0` |\n| [@protobufjs/utf8](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.20.0` |\n| [defu](https://github.com/unjs/defu) | `6.1.4` | `6.1.7` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [h3](https://github.com/h3js/h3) | `1.13.0` | `1.15.11` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `14.1.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.2` |\n| [rollup](https://github.com/rollup/rollup) | `4.28.1` | `4.60.4` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n\nBumps the npm_and_yarn group with 4 updates in the /sdk directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch), [picomatch](https://github.com/micromatch/picomatch) and [rollup](https://github.com/rollup/rollup).\n\nUpdates `fastify` from 4.29.0 to 5.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fastify/releases\"\u003efastify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.8.5\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cp\u003eThis fixes CVE CVE-2026-33806 \u003ca href=\"https://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963\"\u003ehttps://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: Fix port parsing by \u003ca href=\"https://github.com/jsumners\"\u003e\u003ccode\u003e@​jsumners\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6603\"\u003efastify/fastify#6603\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: upgrade to typescript v6.0.2 by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6605\"\u003efastify/fastify#6605\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: restore trustProxy function for number and string types, add null check for socketAddr by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6613\"\u003efastify/fastify#6613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reduce cron scheduled workflows from daily/weekly to monthly by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6623\"\u003efastify/fastify#6623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6629\"\u003efastify/fastify#6629\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6632\"\u003efastify/fastify#6632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump borp from 0.21.0 to 1.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6633\"\u003efastify/fastify#6633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6630\"\u003efastify/fastify#6630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(ecosystem): add \u003ccode\u003e@​pompelmi/fastify-plugin\u003c/code\u003e by \u003ca href=\"https://github.com/SonoTommy\"\u003e\u003ccode\u003e@​SonoTommy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6610\"\u003efastify/fastify#6610\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonoTommy\"\u003e\u003ccode\u003e@​SonoTommy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6610\"\u003efastify/fastify#6610\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify/compare/v5.8.4...v5.8.5\"\u003ehttps://github.com/fastify/fastify/compare/v5.8.4...v5.8.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.8.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify/compare/v5.8.3...v5.8.4\"\u003ehttps://github.com/fastify/fastify/compare/v5.8.3...v5.8.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.8.3\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cp\u003eThis fixes CVE CVE-2026-3635 \u003ca href=\"https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf\"\u003ehttps://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs(readme): add \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e to plugin team by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6565\"\u003efastify/fastify#6565\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated Plugins-Guide.md; Changed \u0026quot;fastify\u0026quot; to \u0026quot;instance\u0026quot; during plugin registration to showcase that it's added as a child by \u003ca href=\"https://github.com/kyrylchenko\"\u003e\u003ccode\u003e@​kyrylchenko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6566\"\u003efastify/fastify#6566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: use fastify.test in test case by \u003ca href=\"https://github.com/climba03003\"\u003e\u003ccode\u003e@​climba03003\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6568\"\u003efastify/fastify#6568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: use fastify.example in documentation by \u003ca href=\"https://github.com/climba03003\"\u003e\u003ccode\u003e@​climba03003\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6567\"\u003efastify/fastify#6567\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add common performance degradation guidance by \u003ca href=\"https://github.com/maxpetrusenko\"\u003e\u003ccode\u003e@​maxpetrusenko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6520\"\u003efastify/fastify#6520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(server): fix camelCase anchor links in TOC by \u003ca href=\"https://github.com/Deepvamja\"\u003e\u003ccode\u003e@​Deepvamja\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6530\"\u003efastify/fastify#6530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(link-checker): fix root-relative links resolution by \u003ca href=\"https://github.com/barba-rossa\"\u003e\u003ccode\u003e@​barba-rossa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6535\"\u003efastify/fastify#6535\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update syntax markdown, absolute paths and links by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6569\"\u003efastify/fastify#6569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify content-type parser/schema mismatch is outside threat model by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6537\"\u003efastify/fastify#6537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix incorrect code examples in Reply and Request reference by \u003ca href=\"https://github.com/mahmoodhamdi\"\u003e\u003ccode\u003e@​mahmoodhamdi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6582\"\u003efastify/fastify#6582\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: replace redirected npm.im http-errors link by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6588\"\u003efastify/fastify#6588\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: Allow port to be null in request type definition by \u003ca href=\"https://github.com/TristanBarlow\"\u003e\u003ccode\u003e@​TristanBarlow\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6589\"\u003efastify/fastify#6589\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update links by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6593\"\u003efastify/fastify#6593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(lock-threads): use shared lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6592\"\u003efastify/fastify#6592\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kyrylchenko\"\u003e\u003ccode\u003e@​kyrylchenko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6566\"\u003efastify/fastify#6566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/maxpetrusenko\"\u003e\u003ccode\u003e@​maxpetrusenko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6520\"\u003efastify/fastify#6520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Deepvamja\"\u003e\u003ccode\u003e@​Deepvamja\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6530\"\u003efastify/fastify#6530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/barba-rossa\"\u003e\u003ccode\u003e@​barba-rossa\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6535\"\u003efastify/fastify#6535\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/3983cce8124714242099e8756a7a9a80a0ba0aea\"\u003e\u003ccode\u003e3983cce\u003c/code\u003e\u003c/a\u003e Bumped v5.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/3ce3ae6752dbed672759856081af9cb1e2733105\"\u003e\u003ccode\u003e3ce3ae6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/b06a196b694c0c7aed53976cd77456f1ad7d4c9f\"\u003e\u003ccode\u003eb06a196\u003c/code\u003e\u003c/a\u003e docs(ecosystem): add \u003ccode\u003e@​pompelmi/fastify-plugin\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6610\"\u003e#6610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/909c5d5329536b0acc004da7649b3da8af9273b2\"\u003e\u003ccode\u003e909c5d5\u003c/code\u003e\u003c/a\u003e chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6630\"\u003e#6630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/4db21a36ddb588acaebf5a4472ccb3b0d5fc9db0\"\u003e\u003ccode\u003e4db21a3\u003c/code\u003e\u003c/a\u003e chore: Bump borp from 0.21.0 to 1.0.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6633\"\u003e#6633\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/0f4e544c8acd7c42df347936e613a73cecc4f3fe\"\u003e\u003ccode\u003e0f4e544\u003c/code\u003e\u003c/a\u003e chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6632\"\u003e#6632\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/33a2fcd39de584713495bf4b3bd864137746f224\"\u003e\u003ccode\u003e33a2fcd\u003c/code\u003e\u003c/a\u003e chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6629\"\u003e#6629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/fd35d829a8cd496a3c1170c0c1c021130e3ca0e8\"\u003e\u003ccode\u003efd35d82\u003c/code\u003e\u003c/a\u003e ci: reduce cron schedules from daily/weekly to monthly (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6623\"\u003e#6623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/8dee9be05ebf683cd212aeff1d294f6ea1ec405c\"\u003e\u003ccode\u003e8dee9be\u003c/code\u003e\u003c/a\u003e fix: restore trustProxy function for number and string types, add null check ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/d457aeda8611777389c7e4713a288eb7ddb9a389\"\u003e\u003ccode\u003ed457aed\u003c/code\u003e\u003c/a\u003e chore: upgrade to typescript v6.0.2 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6605\"\u003e#6605\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fastify/compare/v4.29.0...v5.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~climba03003\"\u003eclimba03003\u003c/a\u003e, a new releaser for fastify since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 6.20.1 to 6.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.23.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a444e4f13e8958b4e1ac42bc0d53ace7fba0a9c1\"\u003e\u003ccode\u003ea444e4f\u003c/code\u003e\u003c/a\u003e test: stabilize h2 and tls-cert-leak under current test runner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/dc032a1050d5489b8ce9b4c22aafba98a942f87b\"\u003e\u003ccode\u003edc032a1\u003c/code\u003e\u003c/a\u003e fix: h2 CI (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4395\"\u003e#4395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4cd3f4b3a2ef910ba728c47ae78294d956410450\"\u003e\u003ccode\u003e4cd3f4b\u003c/code\u003e\u003c/a\u003e test: increase bitness in \u003ccode\u003etest/fixtures/*.pem\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/3659\"\u003e#3659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7df6442194b7a54e9ac734335e6e0a56a9bc6666\"\u003e\u003ccode\u003e7df6442\u003c/code\u003e\u003c/a\u003e fix: adapt websocket frame-limit handling for v6 parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4e0179ae643e6f4380f24cc3683c1b1ca2afb094\"\u003e\u003ccode\u003e4e0179a\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5a97f0893b53ba7d1d5549d3df7e55d9c2673f89\"\u003e\u003ccode\u003e5a97f08\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/e43e898603dd5e0c14a75b08b83257598d664a39\"\u003e\u003ccode\u003ee43e898\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v6.20.1...v6.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@protobufjs/utf8` from 1.1.0 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dcodeIO/protobuf.js/releases\"\u003e@​protobufjs/utf8's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs-cli: v1.1.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.0...protobufjs-cli-v1.1.1\"\u003e1.1.1\u003c/a\u003e (2023-02-02)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e fix relative path to Google pb files (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/1859\"\u003e#1859\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e42eea4868b11f4a07934804a56683321ed191e2\"\u003ee42eea4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ab3862d133ab9b824f12eab5f993784333543dbf\"\u003e\u003ccode\u003eab3862d\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2255\"\u003e#2255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e\u003ccode\u003e0853a62\u003c/code\u003e\u003c/a\u003e fix: Backport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/d7035f9b7f06210ea343cab1f2f1cc18ee5cc1d6\"\u003e\u003ccode\u003ed7035f9\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e\u003ccode\u003e54b593f\u003c/code\u003e\u003c/a\u003e fix: Backport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dcodeIO/protobuf.js/compare/protobufjs-cli-v1.1.0...fetch-v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `defu` from 6.1.4 to 6.1.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/releases\"\u003edefu's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExport Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/blob/main/CHANGELOG.md\"\u003edefu's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edefu.d.cts:\u003c/strong\u003e Export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tea.yaml (\u003ca href=\"https://github.com/unjs/defu/commit/70cffe5\"\u003e70cffe5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate repo (\u003ca href=\"https://github.com/unjs/defu/commit/23cc432\"\u003e23cc432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typecheck (\u003ca href=\"https://github.com/unjs/defu/commit/89df6bb\"\u003e89df6bb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🤖 CI\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/80c0146afb11ebd86183a579ec469f3abd976695\"\u003e\u003ccode\u003e80c0146\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/40d7ef42d30db975bf80c340e7856c1ad3568321\"\u003e\u003ccode\u003e40d7ef4\u003c/code\u003e\u003c/a\u003e fix(defu.d.cts): export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3d3a7c89ca78f3fa43ec7194b12e44e4b0568697\"\u003e\u003ccode\u003e3d3a7c8\u003c/code\u003e\u003c/a\u003e build: correct the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/001c2906010eb65c1bb13ccd1f4abea09e10405b\"\u003e\u003ccode\u003e001c290\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/407b51645c41a57da6efac5b40967f2c60ce4f12\"\u003e\u003ccode\u003e407b516\u003c/code\u003e\u003c/a\u003e build: fix mixed types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/23e59e684cb6a432aad13f308d142247e31b6315\"\u003e\u003ccode\u003e23e59e6\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/11ba02213d4b1c6b02dd686041f75edc479c98e9\"\u003e\u003ccode\u003e11ba022\u003c/code\u003e\u003c/a\u003e fix: ignore inherited enumerable properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3942bfbbcaa72084bd4284846c83bd61ed7c8b29\"\u003e\u003ccode\u003e3942bfb\u003c/code\u003e\u003c/a\u003e fix: prevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/d3ef16dabe861713192ba8679c5db8e0ac143f9b\"\u003e\u003ccode\u003ed3ef16d\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/checkout action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/869a053effb7b1bf49a1635e1bb211840daa589e\"\u003e\u003ccode\u003e869a053\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/setup-node action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 2.4.0 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly set license to BSD-3-Clause in package.json by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/102\"\u003efastify/fast-uri#102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/102\"\u003efastify/fast-uri#102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.2...v3.0.3\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.0.2...v3.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse \u003ccode\u003etape\u003c/code\u003e by \u003ca href=\"https://github.com/gurgunday\"\u003e\u003ccode\u003e@​gurgunday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/95\"\u003efastify/fast-uri#95\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eperf(index): merge concurrent \u003ccode\u003earray.push\u003c/code\u003e calls by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/97\"\u003efastify/fast-uri#97\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows from 4.2.1 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/98\"\u003efastify/fast-uri#98\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: properly parse userinfo in uri by \u003ca href=\"https://github.com/zekth\"\u003e\u003ccode\u003e@​zekth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/101\"\u003efastify/fast-uri#101\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.1...v3.0.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.0.1...v3.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix \u003ccode\u003eurijs\u003c/code\u003e fragment handling incompatibility by \u003ca href=\"https://github.com/gurgunday\"\u003e\u003ccode\u003e@​gurgunday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/93\"\u003efastify/fast-uri#93\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.0...v3.0.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.0.0...v3.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: skip nonSimpleDomain when it is an IP by \u003ca href=\"https://github.com/Uzlopak\"\u003e\u003ccode\u003e@​Uzlopak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/87\"\u003efastify/fast-uri#87\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: improve stringToHexStripped by \u003ca href=\"https://github.com/Uzlopak\"\u003e\u003ccode\u003e@​Uzlopak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/88\"\u003efastify/fast-uri#88\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd uri-js tests by \u003ca href=\"https://github.com/Uzlopak\"\u003e\u003ccode\u003e@​Uzlopak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/86\"\u003efastify/fast-uri#86\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMerge \u003ccode\u003enext\u003c/code\u003e into \u003ccode\u003emain\u003c/code\u003e by \u003ca href=\"https://github.com/jsumners\"\u003e\u003ccode\u003e@​jsumners\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/92\"\u003efastify/fast-uri#92\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jsumners\"\u003e\u003ccode\u003e@​jsumners\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/92\"\u003efastify/fast-uri#92\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v2.4.0...v3.0.0\"\u003ehttps://github.com/fastify/fast-uri/compare/v2.4.0...v3.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a79e2061bc3d3e8e6d06ee091be02d66d2a7f3e2\"\u003e\u003ccode\u003ea79e206\u003c/code\u003e\u003c/a\u003e Bumped v3.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/803edf207efa5b46334cbf26e561483aaa7a76dd\"\u003e\u003ccode\u003e803edf2\u003c/code\u003e\u003c/a\u003e Correctly set license to BSD-3-Clause in package.json (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a81bfb8ca4298d0b857bbab48f15c2abc6a8232f\"\u003e\u003ccode\u003ea81bfb8\u003c/code\u003e\u003c/a\u003e Bumped v3.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/2ebe20afd5971adb6ed5c07e38aae6cdcbc1fc47\"\u003e\u003ccode\u003e2ebe20a\u003c/code\u003e\u003c/a\u003e fix(parse): do not encode userinfo (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/33a3129fd5b53a6161b226d04edc1fd7000d6d0c\"\u003e\u003ccode\u003e33a3129\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows from 4.2.1 to 5.0.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/98\"\u003e#98\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/26cd10a0bb1b71308a174819da8132a747b4c456\"\u003e\u003ccode\u003e26cd10a\u003c/code\u003e\u003c/a\u003e refactor(index): merge concurrent \u003ccode\u003earray.push\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/0655453e59a27c0956b99c403ede48552092dfa9\"\u003e\u003ccode\u003e0655453\u003c/code\u003e\u003c/a\u003e use \u003ccode\u003etape\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/986abce97b2303c69011da82805285a59e5967de\"\u003e\u003ccode\u003e986abce\u003c/code\u003e\u003c/a\u003e v3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/b16b7477140571cf053343cfebb356a756e5c0b8\"\u003e\u003ccode\u003eb16b747\u003c/code\u003e\u003c/a\u003e fix \u003ccode\u003eurijs\u003c/code\u003e fragment handling incompatibility (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/93\"\u003e#93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/5964558737eab37fffed66987be5b6a4d550f528\"\u003e\u003ccode\u003e5964558\u003c/code\u003e\u003c/a\u003e v3.0.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v2.4.0...v3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.9 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h3` from 1.13.0 to 1.15.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/h3js/h3/releases\"\u003eh3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.11\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.10...v1.15.11\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate defu to 6.1.6 (\u003ca href=\"https://github.com/h3js/h3/commit/6125485\"\u003e6125485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/4998dd8\"\u003e4998dd8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate cookie-es (\u003ca href=\"https://github.com/h3js/h3/commit/d166186\"\u003ed166186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.10\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.9...v1.15.10\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve percent-encoded req.url in app event handler (\u003ca href=\"https://redirect.github.com/h3js/h3/pull/1355\"\u003e#1355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSergio Azócar (\u003ca href=\"https://github.com/sergioazoc\"\u003e\u003ccode\u003e@​sergioazoc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.9\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.7...v1.15.9\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003e%25\u003c/code\u003e in pathname (\u003ca href=\"https://github.com/h3js/h3/commit/1103df6\"\u003e1103df6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003estatic:\u003c/strong\u003e Prevent path traversal via double-encoded dot segments (\u003ccode\u003e%252e%252e\u003c/code\u003e) (\u003ca href=\"https://github.com/h3js/h3/commit/c56683d\"\u003ec56683d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esse:\u003c/strong\u003e Sanitize carriage returns in event stream data and comments (\u003ca href=\"https://github.com/h3js/h3/commit/ba3c3fe\"\u003eba3c3fe\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.8\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.7...v1.15.8\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003e%25\u003c/code\u003e in pathname (\u003ca href=\"https://github.com/h3js/h3/commit/1103df6\"\u003e1103df6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.6...v1.15.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003estatic:\u003c/strong\u003e Narrow path traversal check to match \u003ccode\u003e..\u003c/code\u003e as a path segment only (\u003ca href=\"https://github.com/h3js/h3/commit/c049dc0\"\u003ec049dc0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapp:\u003c/strong\u003e Decode percent-encoded path segments to prevent auth bypass (\u003ca href=\"https://github.com/h3js/h3/commit/313ea52\"\u003e313ea52\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e💅 Refactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove implicit event handler conversion warning (\u003ca href=\"https://redirect.github.com/h3js/h3/pull/1340\"\u003e#1340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/h3js/h3/blob/v1.15.11/CHANGELOG.md\"\u003eh3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.11\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.10...v1.15.11\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate defu to 6.1.6 (\u003ca href=\"https://github.com/h3js/h3/commit/6125485\"\u003e6125485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/4998dd8\"\u003e4998dd8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate cookie-es (\u003ca href=\"https://github.com/h3js/h3/commit/d166186\"\u003ed166186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.10\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.9...v1.15.10\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve percent-encoded req.url in app event handler (\u003ca href=\"https://redirect.github.com/h3js/h3/pull/1355\"\u003e#1355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/26fec6f\"\u003e26fec6f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSergio Azócar (\u003ca href=\"https://github.com/sergioazoc\"\u003e\u003ccode\u003e@​sergioazoc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.9\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.7...v1.15.9\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003e%25\u003c/code\u003e in pathname (\u003ca href=\"https://github.com/h3js/h3/commit/1103df6\"\u003e1103df6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003estatic:\u003c/strong\u003e Prevent path traversal via double-encoded dot segments (\u003ccode\u003e%252e%252e\u003c/code\u003e) (\u003ca href=\"https://github.com/h3js/h3/commit/c56683d\"\u003ec56683d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esse:\u003c/strong\u003e Sanitize carriage returns in event stream data and comments (\u003ca href=\"https://github.com/h3js/h3/commit/ba3c3fe\"\u003eba3c3fe\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003erelease:\u003c/strong\u003e V1.15.8 (\u003ca href=\"https://github.com/h3js/h3/commit/e3b9c9e\"\u003ee3b9c9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/23045df\"\u003e23045df\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/7b9f41fda6038d26a367c2a26a07ed83ee1dbaac\"\u003e\u003ccode\u003e7b9f41f\u003c/code\u003e\u003c/a\u003e chore(release): v1.15.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/d166186ed63de5a21fa4bb0aede4f4574994a3b5\"\u003e\u003ccode\u003ed166186\u003c/code\u003e\u003c/a\u003e chore: update cookie-es\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/4998dd8de60ddd6a182948e543143eaa56927399\"\u003e\u003ccode\u003e4998dd8\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/612548586357cbf0bad27bcb1b1615f4c40b1560\"\u003e\u003ccode\u003e6125485\u003c/code\u003e\u003c/a\u003e chore: update defu to 6.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/b72bb57060cf68e627575e0c350742f4fa8206fa\"\u003e\u003ccode\u003eb72bb57\u003c/code\u003e\u003c/a\u003e chore(release): v1.15.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/d8ef318fa9ce086036588443d683f97f9bb9faf8\"\u003e\u003ccode\u003ed8ef318\u003c/code\u003e\u003c/a\u003e remove resolutions for h3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/26fec6ff549e646bef284b8df4e267ddb8fc0b67\"\u003e\u003ccode\u003e26fec6f\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/51ca9b3750a2a1426257c96e5a81001e3ec3bb42\"\u003e\u003ccode\u003e51ca9b3\u003c/code\u003e\u003c/a\u003e fix: preserve percent-encoded req.url in app event handler (\u003ca href=\"https://redirect.github.com/h3js/h3/issues/1355\"\u003e#1355\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/4e8d43a7703d0d5c8bbc09748db1d8b9f3c51b42\"\u003e\u003ccode\u003e4e8d43a\u003c/code\u003e\u003c/a\u003e chore(release): v1.15.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/23045df515a67f00182b5f7ca126cbec40efda4d\"\u003e\u003ccode\u003e23045df\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/h3js/h3/compare/v1.13.0...v1.15.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `markdown-it` from 14.1.0 to 14.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md\"\u003emarkdown-it's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[14.1.1] - 2026-01-11\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression from v13 in linkify inline rule. Specific patterns could\ncause high CPU use. Thanks to \u003ca href=\"https://github.com/ltduc147\"\u003e\u003ccode\u003e@​ltduc147\u003c/code\u003e\u003c/a\u003e for report.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/b4a9b659ef5734223731cfaa3ad5eacc6fc22918\"\u003e\u003ccode\u003eb4a9b65\u003c/code\u003e\u003c/a\u003e 14.1.1 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/4b4bbcae5e0990a5b172378e507b33a59012ed26\"\u003e\u003ccode\u003e4b4bbca\u003c/code\u003e\u003c/a\u003e Fixed perf regression in linkify-it wrapper\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/d2782d892a51201b25d3eeab172201ad5a53a24c\"\u003e\u003ccode\u003ed2782d8\u003c/code\u003e\u003c/a\u003e Add supplementary example-driven documentation (\u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1092\"\u003e#1092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/markdown-it/markdown-it/compare/14.1.0...14.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/...\n\n_Description has been truncated_","html_url":"https://github.com/thirdweb-dev/engine/pull/942","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/thirdweb-dev%2Fengine/issues/942","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/942/packages"},{"uuid":"4472925664","node_id":"PR_kwDONEDTgM7c18Lq","number":74,"state":"closed","title":"Bump the npm_and_yarn group across 2 directories with 23 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T09:04:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T22:11:05.000Z","updated_at":"2026-05-19T09:04:58.000Z","time_to_close":39229,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":23,"packages":[{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"postcss","old_version":"8.4.38","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"minimatch","old_version":"9.0.3","new_version":"9.0.7","repository_url":"https://github.com/isaacs/minimatch"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.22.5","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"@protobufjs/utf8","old_version":"1.1.0","new_version":"1.1.1","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"@tootallnate/once","old_version":"1.1.2","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"axios","old_version":"0.21.4","new_version":"0.26.1","repository_url":"https://github.com/axios/axios"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"5.0.6","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.14.5","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.7","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"lodash-es","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.7","new_version":"1.9.0","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.0","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"protobufjs","old_version":"7.2.4","new_version":"7.6.0","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"serialize-javascript","old_version":"4.0.0","new_version":"6.0.2","repository_url":"https://github.com/yahoo/serialize-javascript"},{"name":"svgo","old_version":"1.3.2","new_version":"2.8.2","repository_url":"https://github.com/svg/svgo"},{"name":"tar","old_version":"6.1.15","new_version":"6.2.1","repository_url":"https://github.com/isaacs/node-tar"},{"name":"underscore","old_version":"1.13.6","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"undici","old_version":"5.28.1","new_version":"5.29.0","repository_url":"https://github.com/nodejs/undici"},{"name":"webpack-dev-server","old_version":"4.15.1","new_version":"4.15.2","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"yaml","old_version":"1.10.2","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 23 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.38` | `8.5.10` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.3` | `9.0.7` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.22.5` | `7.29.4` |\n| [@protobufjs/utf8](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `1.1.2` | `2.0.1` |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.26.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `5.0.6` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.5` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.7` | `4.7.9` |\n| [lodash-es](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `1.9.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.0` | `2.3.2` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.2.4` | `7.6.0` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `4.0.0` | `6.0.2` |\n| [svgo](https://github.com/svg/svgo) | `1.3.2` | `2.8.2` |\n| [tar](https://github.com/isaacs/node-tar) | `6.1.15` | `6.2.1` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.6` | `1.13.8` |\n| [undici](https://github.com/nodejs/undici) | `5.28.1` | `5.29.0` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.15.1` | `4.15.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `2.9.0` |\n\nBumps the npm_and_yarn group with 2 updates in the /components/ide/gha-update-image directory: [axios](https://github.com/axios/axios) and [yaml](https://github.com/eemeli/yaml).\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.38 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003ePostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e during \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/1995\"\u003ehis work\u003c/a\u003e on \u003ca href=\"https://stylelint.io\"\u003eStylelint\u003c/a\u003e added \u003ccode\u003eInput#document\u003c/code\u003e in additional to \u003ccode\u003eInput#css\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eroot.source.input.document //=\u0026gt; \u0026quot;\u0026lt;p\u0026gt;Hello\u0026lt;/p\u0026gt;\r\n                           //    \u0026lt;style\u0026gt;\r\n                           //    p {\r\n                           //      color: green;\r\n                           //    }\r\n                           //    \u0026lt;/style\u0026gt;\u0026quot;\r\nroot.source.input.css      //=\u0026gt; \u0026quot;p {\r\n                           //      color: green;\r\n                           //    }\u0026quot;\r\n\u003cp\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eInput#document\u003c/code\u003e for sources like CSS-in-JS or HTML (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.49\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax without \u003ccode\u003esource.offset\u003c/code\u003e (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.38...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.3 to 9.0.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2de496f6d9362dd92460f35ffa6ff8de2907244b\"\u003e\u003ccode\u003e2de496f\u003c/code\u003e\u003c/a\u003e 9.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0d4616de9193bf1d359271662e92657bb51b2f75\"\u003e\u003ccode\u003e0d4616d\u003c/code\u003e\u003c/a\u003e limit nested extglob recursion, flatten extglobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7117ef381e74deace1c62a74d2298c8fe61d10ca\"\u003e\u003ccode\u003e7117ef3\u003c/code\u003e\u003c/a\u003e 9.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2418458b7fe82e0a1fd1a1b6f618c41c90b9848a\"\u003e\u003ccode\u003e2418458\u003c/code\u003e\u003c/a\u003e update deps, do not checkin dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1d1f531009d5e4a86083de37e5ef3f301e073986\"\u003e\u003ccode\u003e1d1f531\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/03b1778ab34a0ead5729800307143669ef328096\"\u003e\u003ccode\u003e03b1778\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/f1aaffe08fe6651f340fb5bd0191cb5c8800a3c7\"\u003e\u003ccode\u003ef1aaffe\u003c/code\u003e\u003c/a\u003e update test expectations for coalesced consecutive stars\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/50126552835505d2c73ba13e8bdaafd737469a2f\"\u003e\u003ccode\u003e5012655\u003c/code\u003e\u003c/a\u003e coalesce consecutive non-globstar * characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/3515d1e3d52a85f894927100b199c0a4246d3898\"\u003e\u003ccode\u003e3515d1e\u003c/code\u003e\u003c/a\u003e [meta] add publishConfig.tag legacy-v9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0de7f45232cad5e3e49e4eb7cd9b6e124ed04b84\"\u003e\u003ccode\u003e0de7f45\u003c/code\u003e\u003c/a\u003e 9.0.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v9.0.3...v9.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.22.5 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@protobufjs/utf8` from 1.1.0 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dcodeIO/protobuf.js/releases\"\u003e@​protobufjs/utf8's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs-cli: v1.1.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.0...protobufjs-cli-v1.1.1\"\u003e1.1.1\u003c/a\u003e (2023-02-02)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e fix relative path to Google pb files (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/1859\"\u003e#1859\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e42eea4868b11f4a07934804a56683321ed191e2\"\u003ee42eea4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ab3862d133ab9b824f12eab5f993784333543dbf\"\u003e\u003ccode\u003eab3862d\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2255\"\u003e#2255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e\u003ccode\u003e0853a62\u003c/code\u003e\u003c/a\u003e fix: Backport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/d7035f9b7f06210ea343cab1f2f1cc18ee5cc1d6\"\u003e\u003ccode\u003ed7035f9\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e\u003ccode\u003e54b593f\u003c/code\u003e\u003c/a\u003e fix: Backport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dcodeIO/protobuf.js/compare/protobufjs-cli-v1.1.0...fetch-v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 1.1.2 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.0\u003c/h2\u003e\n\u003ch3\u003eMajor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBig refactor for v2: \u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/5\"\u003e#5\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eReturns a regular \u003ccode\u003ePromise\u003c/code\u003e instead of \u003ccode\u003eCancelablePromise\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe Promise is \u003cstrong\u003estrongly typed\u003c/strong\u003e when posssible. This is the main new feature.\u003c/li\u003e\n\u003cli\u003eAlways returns the full array of arguments passed to the event handler (i.e. what was previously \u003ccode\u003eonce.spread()\u003c/code\u003e is now the regular \u003ccode\u003eonce()\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eCompatible with \u003ca href=\"https://nodejs.org/api/globals.html#globals_class_abortcontroller\"\u003e\u003ccode\u003eAbortController\u003c/code\u003e\u003c/a\u003e to remove event listeners before the Promise has been fulfilled.\u003c/li\u003e\n\u003cli\u003eRequires TypeScript v4 or newer.\u003c/li\u003e\n\u003cli\u003eJest tests running CI via GitHub Actions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eREADME.md\u003c/code\u003e: d00821f35b44ed48466b8e5d202c2788e3688df6\u003c/li\u003e\n\u003cli\u003eCreate LICENSE: \u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/2\"\u003e#2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatches\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix: c3260138d77811bde3823cebd490ff59b35fe32f\u003c/li\u003e\n\u003cli\u003eRemove test script: \u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/4\"\u003e#4\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/lewish\"\u003e\u003ccode\u003e@​lewish\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/vivekkj123\"\u003e\u003ccode\u003e@​vivekkj123\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md\"\u003e@​tootallnate/once's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/bcbb21d387e5fb2d0bf8ec2fd8d0ac97d4553241\"\u003e\u003ccode\u003ebcbb21d\u003c/code\u003e\u003c/a\u003e ci: fix OIDC publishing — Node 24, npm latest, provenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dc24387be8e3405f1e7c911caf76c87b72a0e145\"\u003e\u003ccode\u003edc24387\u003c/code\u003e\u003c/a\u003e Version Packages (2.x) (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b8a6f80afcfd2482b4bdb1e29d784340a05e0ce3\"\u003e\u003ccode\u003eb8a6f80\u003c/code\u003e\u003c/a\u003e CI: test all Node versions on Linux only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dabcc0fb6202663cd83994f0a21ea1c710395327\"\u003e\u003ccode\u003edabcc0f\u003c/code\u003e\u003c/a\u003e ci: drop EOL Node.js 14.x/16.x, add 22.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b464efcf4238d92590245b4d211d2fc05a94d28a\"\u003e\u003ccode\u003eb464efc\u003c/code\u003e\u003c/a\u003e Update CI: modern Node versions, fix macOS ARM64 compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/a1e5e2d784bcd1c65e49fac1524c6c94fe81f871\"\u003e\u003ccode\u003ea1e5e2d\u003c/code\u003e\u003c/a\u003e Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b71b6e880044ab2110d3f2c753cd3d218e5e262e\"\u003e\u003ccode\u003eb71b6e8\u003c/code\u003e\u003c/a\u003e 2.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/4460bfff4ae5d25d8855e9957dca4c1ba115291c\"\u003e\u003ccode\u003e4460bff\u003c/code\u003e\u003c/a\u003e Big refactor for v2 (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/5\"\u003e#5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/c4862ce1e420a7324d22ccee3652422e454d1712\"\u003e\u003ccode\u003ec4862ce\u003c/code\u003e\u003c/a\u003e Remove test script (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/4\"\u003e#4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/de4a704b54936d83c8d6347d28665fe3b66c6de6\"\u003e\u003ccode\u003ede4a704\u003c/code\u003e\u003c/a\u003e Create LICENSE (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/2\"\u003e#2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/TooTallNate/once/compare/1.1.2...v2.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​tootallnate/once\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 0.21.4 to 0.26.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.26.1\u003c/h2\u003e\n\u003ch3\u003eFixes and Functionality:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRefactored project file structure to avoid circular imports (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4220\"\u003e#4220\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.26.0\u003c/h2\u003e\n\u003ch3\u003eFixes and Functionality:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed The timeoutErrorMessage property in config not work with Node.js (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3581\"\u003e#3581\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded errors to be displayed when the query parsing process itself fails (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3961\"\u003e#3961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix/remove url required (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4426\"\u003e#4426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate follow-redirects dependency due to Vulnerability (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump karma from 6.3.11 to 6.3.14 (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4461\"\u003e#4461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump follow-redirects from 1.14.7 to 1.14.8 (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4473\"\u003e#4473\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.25.0\u003c/h2\u003e\n\u003ch3\u003eBreaking changes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixing maxBodyLength enforcement (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3786\"\u003e#3786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't rely on strict mode behaviour for arguments (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3470\"\u003e#3470\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding error handling when missing url (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3791\"\u003e#3791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate isAbsoluteURL.js removing escaping of non-special characters (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3809\"\u003e#3809\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse native Array.isArray() in utils.js (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3836\"\u003e#3836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding error handling inside stream end callback (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3967\"\u003e#3967\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes and Functionality:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded aborted even handler (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3916\"\u003e#3916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHeader types expanded allowing \u003ccode\u003eboolean\u003c/code\u003e and \u003ccode\u003enumber\u003c/code\u003e types (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4144\"\u003e#4144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix cancel signature allowing cancel message to be \u003ccode\u003eundefined\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3153\"\u003e#3153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated type checks to be formulated better (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3342\"\u003e#3342\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid unnecessary buffer allocations (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3321\"\u003e#3321\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding a socket handler to keep TCP connection live when processing long living requests (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3422\"\u003e#3422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded toFormData helper function (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3757\"\u003e#3757\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding responseEncoding prop type in AxiosRequestConfig (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3918\"\u003e#3918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal and Tests:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdding axios-test-instance to ecosystem (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3786\"\u003e#3786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOptimize the logic of isAxiosError (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3546\"\u003e#3546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd tests and documentation to display how multiple inceptors work (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3564\"\u003e#3564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdating follow-redirects to version 1.14.7 (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4379\"\u003e#4379\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixing changelog to show corrext pull request (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4219\"\u003e#4219\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate upgrade guide for https proxy setting (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3604\"\u003e#3604\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eHuge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/blob/HEAD/mailto:jasonsaayman@gmail.com\"\u003eJay\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rijkvanzanten\"\u003eRijk van Zanten\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koh110\"\u003eKohta Ito\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bfaulk96\"\u003eBrandon Faulkner\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NoriSte\"\u003eStefano Magni\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fanguangyi\"\u003eenofan\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/8e67551177990ed067384e1641d6964dcab773f7\"\u003e\u003ccode\u003e8e67551\u003c/code\u003e\u003c/a\u003e Update line on methods, update TS definition to allow strings (\u003ca href=\"https://redirect.github.com/axios/axios/issues/3802\"\u003e#3802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/224ed940e15b615336bc104b3478b137f7a48b86\"\u003e\u003ccode\u003e224ed94\u003c/code\u003e\u003c/a\u003e Add AxiosInterceptorOptions to d.ts (\u003ca href=\"https://redirect.github.com/axios/axios/issues/3800\"\u003e#3800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/bdb7d76d40407443dceaf9efa5d5a01ee4ef4da5\"\u003e\u003ccode\u003ebdb7d76\u003c/code\u003e\u003c/a\u003e Adding baseURL to be used in getUri(), also removing question mark trimming s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/195c8e5ff5af6506e5c3e9423cd3c6e839b9cc86\"\u003e\u003ccode\u003e195c8e5\u003c/code\u003e\u003c/a\u003e Returned error treated when requesting uncommon URL (\u003ca href=\"https://redirect.github.com/axios/axios/issues/3544\"\u003e#3544\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/412d3bd6078433dda4a7eb4d86e021dbc57fdeb2\"\u003e\u003ccode\u003e412d3bd\u003c/code\u003e\u003c/a\u003e Adding support for beforeRedirect config option (\u003ca href=\"https://redirect.github.com/axios/axios/issues/3852\"\u003e#3852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3d13b67c562d45434536697bb232e2b1fba8e035\"\u003e\u003ccode\u003e3d13b67\u003c/code\u003e\u003c/a\u003e Fix FormData example (\u003ca href=\"https://redirect.github.com/axios/axios/issues/4391\"\u003e#4391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/45cb5ad7164257a7ad007bc99d1d004205249ab7\"\u003e\u003ccode\u003e45cb5ad\u003c/code\u003e\u003c/a\u003e Updated README example to be coherent with the CommonJS usage (\u003ca href=\"https://redirect.github.com/axios/axios/issues/4418\"\u003e#4418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2396fcd7e9b27853670759ee95d8f64156730159\"\u003e\u003ccode\u003e2396fcd\u003c/code\u003e\u003c/a\u003e Bump karma from 6.3.14 to 6.3.16 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/4506\"\u003e#4506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/170588f3d78f855450d1ce50968651a54cda7386\"\u003e\u003ccode\u003e170588f\u003c/code\u003e\u003c/a\u003e Refactored project file structure to avoid circular imports; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/4220\"\u003e#4220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6e63edf455b6854feeeb0d2394fe0d1d854b55e0\"\u003e\u003ccode\u003e6e63edf\u003c/code\u003e\u003c/a\u003e Bump url-parse from 1.5.4 to 1.5.10 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/4501\"\u003e#4501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v0.21.4...v0.26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 5.0.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efmt  5a5cc17\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  0b6a978\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v4.0.0...v4.0.1\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v4.0.0...v4.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use string replaces instead of splits (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/64\"\u003e#64\u003c/a\u003e)  278132b\u003c/li\u003e\n\u003cli\u003efmt  dd72a59\u003c/li\u003e\n\u003cli\u003eadd \u003ccode\u003etea.yaml\u003c/code\u003e  70e4c1b\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v3.0.0...v4.0.0\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v3.0.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAs a precaution to not risk breaking anything with 278132b, this is a new semver major release\u003c/p\u003e\n\u003ch2\u003ev3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 3.x  3059c07\u003c/li\u003e\n\u003cli\u003efmt  8229e6f\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  15f9b3c\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v3.0.0...v3.0.1\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v3.0.0...v3.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to ES Modules and balanced-match 3.0.0 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/62\"\u003e#62\u003c/a\u003e)  c0360e8\u003c/li\u003e\n\u003cli\u003eadded jsdoc (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/55\"\u003e#55\u003c/a\u003e)  68c0e37\u003c/li\u003e\n\u003cli\u003enode 16 is EOL  9e781e9\u003c/li\u003e\n\u003cli\u003eadd standard  3494c4d\u003c/li\u003e\n\u003cli\u003euse const and let (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/57\"\u003e#57\u003c/a\u003e)  dd5a4cb\u003c/li\u003e\n\u003cli\u003edocs  6dad209\u003c/li\u003e\n\u003cli\u003eremove \u003ccode\u003etest\u003c/code\u003e  e3dd8ae\u003c/li\u003e\n\u003cli\u003eci: update node versions  d23ede9\u003c/li\u003e\n\u003cli\u003edocs: add \u003ca href=\"https://github.com/lanodan\"\u003e\u003ccode\u003e@​lanodan\u003c/code\u003e\u003c/a\u003e to contributors  1eb3fa4\u003c/li\u003e\n\u003cli\u003edocs  1e7c9cd\u003c/li\u003e\n\u003cli\u003eswitch from tape to test module (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/60\"\u003e#60\u003c/a\u003e)  2520537\u003c/li\u003e\n\u003cli\u003eBump minimist from 1.2.5 to 1.2.6 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/59\"\u003e#59\u003c/a\u003e)  61a94f1\u003c/li\u003e\n\u003cli\u003eBump path-parse from 1.0.6 to 1.0.7 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/51\"\u003e#51\u003c/a\u003e)  dc741cf\u003c/li\u003e\n\u003cli\u003edocs: add back ci badge  8ee5626\u003c/li\u003e\n\u003cli\u003eAdd github actions, remove travis. Closes \u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/52\"\u003e#52\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/53\"\u003e#53\u003c/a\u003e)  5c8756a\u003c/li\u003e\n\u003cli\u003eCI: Drop unused sudo: false Travis directive (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/50\"\u003e#50\u003c/a\u003e)  05978a7\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.1...v3.0.0\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v2.0.1...v3.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 2.x  14f1d91\u003c/li\u003e\n\u003cli\u003efmt  ed7780a\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  36603d5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/46317b5d8779c151d24f65c9c139cd076f91a1c3\"\u003e\u003ccode\u003e46317b5\u003c/code\u003e\u003c/a\u003e 5.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c0b095bdc52bc4c36dc88deddbadabc49f8371e5\"\u003e\u003ccode\u003ec0b095b\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ec5602085a81ca7c954f6780c6a3aef0b1e200cf\"\u003e\u003ccode\u003eec56020\u003c/code\u003e\u003c/a\u003e Bump picomatch from 4.0.3 to 4.0.4 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/93\"\u003e#93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/87939017c6cb6be56b98c6fa2059b073315cd534\"\u003e\u003ccode\u003e8793901\u003c/code\u003e\u003c/a\u003e 5.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/9a02af5c5c80731fae470cc3218c16876bb25051\"\u003e\u003ccode\u003e9a02af5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a\"\u003e\u003ccode\u003edaa71bc\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.10 to 7.5.11 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/799e5f7a222b0ea29052090b80fab2125a846543\"\u003e\u003ccode\u003e799e5f7\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.9 to 7.5.10 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/90\"\u003e#90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/012c230b7f71ca0c43febfa2dc3b710f63f129dd\"\u003e\u003ccode\u003e012c230\u003c/code\u003e\u003c/a\u003e 5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/243c491714270462decf1293b395e0aa6f6c15c4\"\u003e\u003ccode\u003e243c491\u003c/code\u003e\u003c/a\u003e Fix handling of brackets. Closes \u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/87\"\u003e#87\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/609f8588070198ca6ff7132d2f78bbae5c991b93\"\u003e\u003ccode\u003e609f858\u003c/code\u003e\u003c/a\u003e Correct incorrect brace-expansion import (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/89\"\u003e#89\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v5.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.14.5 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.14.5...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.7 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8 - July 27th, 2023\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jaylinski\"\u003ejaylinski\u003c/a\u003e, a new releaser for handlebars since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash-es` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash-es's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a...\n\n_Description has been truncated_","html_url":"https://github.com/dragonflycapital/gitpod/pull/74","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dragonflycapital%2Fgitpod/issues/74","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/74/packages"},{"uuid":"4465033421","node_id":"PR_kwDORVzEBc7cchzg","number":2,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 17 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-17T21:45:45.000Z","updated_at":"2026-05-17T21:46:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":17,"packages":[{"name":"@modelcontextprotocol/sdk","old_version":"1.22.0","new_version":"1.26.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"@tootallnate/once","old_version":"1.1.2","new_version":"removed","repository_url":"https://github.com/TooTallNate/once"},{"name":"@xmldom/xmldom","old_version":"0.8.11","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"ajv","old_version":"8.17.1","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"5.2.5","new_version":"5.7.3","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 7 updates in the /packages/openmemory-js directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.22.0` | `1.26.0` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `1.1.2` | `removed` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.11` | `0.8.13` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.20.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.2.5` | `5.7.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n\nBumps the npm_and_yarn group with 5 updates in the /apps/vscode-extension directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `2.1.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `@modelcontextprotocol/sdk` from 1.22.0 to 1.26.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.26.0\u003c/h2\u003e\n\u003cp\u003eAddresses \u0026quot;Sharing server/transport instances can leak cross-client response data\u0026quot; in this GHSA \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: bump v1.25.3 for backport fixes by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1412\"\u003emodelcontextprotocol/typescript-sdk#1412\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by \u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) by \u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.26.0 by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1479\"\u003emodelcontextprotocol/typescript-sdk#1479\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.25.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v1.x backport] Use correct schema for client sampling validation when tools are present by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1407\"\u003emodelcontextprotocol/typescript-sdk#1407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent Hono from overriding global Response object (v1.x) by \u003ca href=\"https://github.com/mattzcarey\"\u003e\u003ccode\u003e@​mattzcarey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1411\"\u003emodelcontextprotocol/typescript-sdk#1411\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.25.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: trigger workflow on v1.x branch by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1319\"\u003emodelcontextprotocol/typescript-sdk#1319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: README badges links destinations by \u003ca href=\"https://github.com/antonpk1\"\u003e\u003ccode\u003e@​antonpk1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\"\u003emodelcontextprotocol/typescript-sdk#907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1365\"\u003emodelcontextprotocol/typescript-sdk#1365\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antonpk1\"\u003e\u003ccode\u003e@​antonpk1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\"\u003emodelcontextprotocol/typescript-sdk#907\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.25.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espec types - backwards compatibility changes by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1306\"\u003emodelcontextprotocol/typescript-sdk#1306\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version for patch fix by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1307\"\u003emodelcontextprotocol/typescript-sdk#1307\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003elist changed handlers on client constructor by \u003ca href=\"https://github.com/mattzcarey\"\u003e\u003ccode\u003e@​mattzcarey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1206\"\u003emodelcontextprotocol/typescript-sdk#1206\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRole - moved from inline to reusable type by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1221\"\u003emodelcontextprotocol/typescript-sdk#1221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use versioned npm tag for non-main branch releases by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1236\"\u003emodelcontextprotocol/typescript-sdk#1236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNo automatic completion support unless needed - Revisited yet again by \u003ca href=\"https://github.com/cliffhall\"\u003e\u003ccode\u003e@​cliffhall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1237\"\u003emodelcontextprotocol/typescript-sdk#1237\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Support updating output schema by \u003ca href=\"https://github.com/vincent0426\"\u003e\u003ccode\u003e@​vincent0426\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1048\"\u003emodelcontextprotocol/typescript-sdk#1048\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/fe9c07b465871394c7069207c86513df9c1194a4\"\u003e\u003ccode\u003efe9c07b\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.26.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/4f01e7e0708e1a85ccc7dbf39e850005f2d9ff03\"\u003e\u003ccode\u003e4f01e7e\u003c/code\u003e\u003c/a\u003e fix: add non-null assertions for optional setupServer fields in stateful test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a05be176cabeae1f933b676e3ce024bf02e2314d\"\u003e\u003ccode\u003ea05be17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/50d9fa3cd12e807e7963bcb9e1548786d3d5d941\"\u003e\u003ccode\u003e50d9fa3\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1442\"\u003e#1442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/aa81a66556fb4434d8a6d1b70f7ac9fc40b5d325\"\u003e\u003ccode\u003eaa81a66\u003c/code\u003e\u003c/a\u003e fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6aba0659654e1ff0699844524595922a61e44cb9\"\u003e\u003ccode\u003e6aba065\u003c/code\u003e\u003c/a\u003e chore: bump v1.25.3 for backport fixes (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1412\"\u003e#1412\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6e8f7e1a43a819ae230373c62b82228dafd892c6\"\u003e\u003ccode\u003e6e8f7e1\u003c/code\u003e\u003c/a\u003e fix: prevent Hono from overriding global Response object (v1.x) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1411\"\u003e#1411\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/12ae856cee6ca58499cce24e80f650e78a0c7610\"\u003e\u003ccode\u003e12ae856\u003c/code\u003e\u003c/a\u003e [v1.x backport] Use correct schema for client sampling validation when tools ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/b392f02ffcf37c088dbd114fedf25026ec3913d3\"\u003e\u003ccode\u003eb392f02\u003c/code\u003e\u003c/a\u003e fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1365\"\u003e#1365\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0c9b13484748acab9e5dc8317a7e89c06b52e37\"\u003e\u003ccode\u003ea0c9b13\u003c/code\u003e\u003c/a\u003e fix: README badges links destinations (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/907\"\u003e#907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.22.0...v1.26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nRemoves `@tootallnate/once`\n\nUpdates `@xmldom/xmldom` from 0.8.11 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e@​xmldom/xmldom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e@​xmldom/xmldom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `body-parser` from 2.2.0 to 2.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/releases\"\u003ebody-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README links by \u003ca href=\"https://github.com/efekrskl\"\u003e\u003ccode\u003e@​efekrskl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/673\"\u003eexpressjs/body-parser#673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: release notes for the v1.20.4 release by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/674\"\u003eexpressjs/body-parser#674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update URL-encoded parser description to include ISO-8859-1 encoding support by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/679\"\u003eexpressjs/body-parser#679\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: use standard jsdoc tags everywhere by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/677\"\u003eexpressjs/body-parser#677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@^6.14.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/689\"\u003eexpressjs/body-parser#689\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/693\"\u003eexpressjs/body-parser#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 2.2.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/691\"\u003eexpressjs/body-parser#691\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/efekrskl\"\u003e\u003ccode\u003e@​efekrskl\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/673\"\u003eexpressjs/body-parser#673\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/body-parser/compare/v2.2.1...v2.2.2\"\u003ehttps://github.com/expressjs/body-parser/compare/v2.2.1...v2.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.1\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-13466\"\u003eCVE-2025-13466\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4\"\u003eGHSA-wqch-xfxh-vrr4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: add dependabot by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/593\"\u003eexpressjs/body-parser#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use full SHAs for github action versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/594\"\u003eexpressjs/body-parser#594\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: type-is@^2.0.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/599\"\u003eexpressjs/body-parser#599\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/609\"\u003eexpressjs/body-parser#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/610\"\u003eexpressjs/body-parser#610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/611\"\u003eexpressjs/body-parser#611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/613\"\u003eexpressjs/body-parser#613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/612\"\u003eexpressjs/body-parser#612\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add codeql github workflows scanning by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/614\"\u003eexpressjs/body-parser#614\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update CodeQL config to ignore the test directory by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/615\"\u003eexpressjs/body-parser#615\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/620\"\u003eexpressjs/body-parser#620\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/619\"\u003eexpressjs/body-parser#619\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): unpin devDependencies by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/616\"\u003eexpressjs/body-parser#616\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/621\"\u003eexpressjs/body-parser#621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/623\"\u003eexpressjs/body-parser#623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/624\"\u003eexpressjs/body-parser#624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: add funding to package.json by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/617\"\u003eexpressjs/body-parser#617\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/625\"\u003eexpressjs/body-parser#625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/630\"\u003eexpressjs/body-parser#630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: move common request validation to read function by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/600\"\u003eexpressjs/body-parser#600\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump iconv-lite by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/631\"\u003eexpressjs/body-parser#631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: pull beta changelog forward into 2.0.0 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/629\"\u003eexpressjs/body-parser#629\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: optimize raw and text parsers with shared passthrough function by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/634\"\u003eexpressjs/body-parser#634\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/640\"\u003eexpressjs/body-parser#640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/639\"\u003eexpressjs/body-parser#639\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/636\"\u003eexpressjs/body-parser#636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/637\"\u003eexpressjs/body-parser#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/638\"\u003eexpressjs/body-parser#638\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: raw-body@^3.0.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/641\"\u003eexpressjs/body-parser#641\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/blob/master/HISTORY.md\"\u003ebody-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.2.2 / 2026-01-07\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@^6.14.1\u003c/li\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.2.1 / 2025-11-24\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4\"\u003eGHSA-wqch-xfxh-vrr4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps:\n\u003cul\u003e\n\u003cli\u003etype-is@^2.0.1\u003c/li\u003e\n\u003cli\u003eiconv-lite@^0.7.0\n\u003cul\u003e\n\u003cli\u003eHandle split surrogate pairs when encoding UTF-8\u003c/li\u003e\n\u003cli\u003eAvoid false positives in \u003ccode\u003eencodingExists\u003c/code\u003e by using prototype-less objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eraw-body@^3.0.1\u003c/li\u003e\n\u003cli\u003edebug@^4.4.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/3d248660b2e8b66732b232d7c758517fbf2420a6\"\u003e\u003ccode\u003e3d24866\u003c/code\u003e\u003c/a\u003e 2.2.2 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/691\"\u003e#691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/8474a984c3ba36a1b4328ce019833b99caa0f08f\"\u003e\u003ccode\u003e8474a98\u003c/code\u003e\u003c/a\u003e refactor(json): simplify strict mode error string construction (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/03f17c2538552a57e6be537afca8c7587bd40aaa\"\u003e\u003ccode\u003e03f17c2\u003c/code\u003e\u003c/a\u003e deps: qs@^6.14.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/689\"\u003e#689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/ea1f25e503c1b2f7ba6f8562724ae0fcd247fb75\"\u003e\u003ccode\u003eea1f25e\u003c/code\u003e\u003c/a\u003e docs: use standard jsdoc tags everywhere (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d7deef8ec61307fa28c22bc443cf8ed2f267945a\"\u003e\u003ccode\u003ed7deef8\u003c/code\u003e\u003c/a\u003e docs: update URL-encoded parser description to include ISO-8859-1 encoding su...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b6f52aabc65137c5227c8a462bddb761daeb96e7\"\u003e\u003ccode\u003eb6f52aa\u003c/code\u003e\u003c/a\u003e docs: release notes for the v1.20.4 release (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/2965ca4af4883109cb2f651f4ce12da310902a0c\"\u003e\u003ccode\u003e2965ca4\u003c/code\u003e\u003c/a\u003e docs: update links (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d96b63da8d7445de317736471633bac83ec76cbb\"\u003e\u003ccode\u003ed96b63d\u003c/code\u003e\u003c/a\u003e 2.2.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b204886a6744b0b6d297cd0e849d75de836f3b63\"\u003e\u003ccode\u003eb204886\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2025-13466\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/e20e3512e085c1162e8ffe36ac65c705a8017251\"\u003e\u003ccode\u003ee20e351\u003c/code\u003e\u003c/a\u003e feat: remove \u003ccode\u003ehistory.md\u003c/code\u003e from being packaged on publish (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/660\"\u003e#660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/body-parser/compare/v2.2.0...v2.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 5.2.5 to 5.7.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003efix minor old bugs and update builder\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ebackward compatibility for numerical external entity, fix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eupgrade \u003ccode\u003e@​nodable/entities\u003c/code\u003e and FXB\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to use entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo API change\u003c/li\u003e\n\u003cli\u003eNo change in performance for basic usage\u003c/li\u003e\n\u003cli\u003eNo typing change\u003c/li\u003e\n\u003cli\u003eNo config change\u003c/li\u003e\n\u003cli\u003enew dependency\u003c/li\u003e\n\u003cli\u003ebreaking: error messages for entities might have been changed.\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\"\u003ehttps://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eperformance improvment, increase entity expansion default limit\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eincrease default entity explansion limit as many projects demand for that\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003emaxEntitySize: 10000,\r\nmaxExpansionDepth: 10000,\r\nmaxTotalExpansions: Infinity,\r\nmaxExpandedLength: 100000,\r\nmaxEntityCount: 1000,\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eperformance improvement\n\u003cul\u003e\n\u003cli\u003ereduce calls to toString\u003c/li\u003e\n\u003cli\u003eearly return when entities are not present\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003efast-xml-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003eNote: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eNote: Due to some last quick changes on v4, detail of v4.5.3 \u0026amp; v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion\u003c/p\u003e\n\u003cp\u003e*\u003cem\u003e5.8.0 / 2026-05-12\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eintegrate xml-naming to validate DOCTYPE entity name and notation name (using qname becaue of backward compatibility)\n\u003cul\u003e\n\u003cli\u003eThis will consider xml-version as well. '1.0' is default\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate strnum to 2.3.0\n\u003cul\u003e\n\u003cli\u003eYou can set octal and binary parsing which is bydeault off\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate fast-xml-builder to 1.2.0\n\u003cul\u003e\n\u003cli\u003ecan sanitize tag names if found invalid\u003c/li\u003e\n\u003cli\u003efix format output\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.3 / 2006-05-05\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.2 / 2026-04-25\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.1 / 2026-04-20\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix typo in CJS typing file\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.0 / 2026-04-17\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to user entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.6.0 / 2026-04-15\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: entity replacement for numeric entities\u003c/li\u003e\n\u003cli\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\n\u003cul\u003e\n\u003cli\u003ethis may change some error messages related to entities expansion limit or inavlid use\u003c/li\u003e\n\u003cli\u003epost check would be exposed in future version\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d6d80429b1d1f1420902e1cebac6fe7831ba0839\"\u003e\u003ccode\u003ed6d8042\u003c/code\u003e\u003c/a\u003e update to release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d2633709699520c514208ea70e31adb6d71ab0e8\"\u003e\u003ccode\u003ed263370\u003c/code\u003e\u003c/a\u003e remove dev dependency 'he'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/f9c9a2c19f819ab6fe0856ef4e94d6aa28fe1eec\"\u003e\u003ccode\u003ef9c9a2c\u003c/code\u003e\u003c/a\u003e update builder to 1.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/b65da87028f943abf5698b96385eef21e39f983e\"\u003e\u003ccode\u003eb65da87\u003c/code\u003e\u003c/a\u003e update changelog and mark addEntity deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/c2ca631f99d4d7f66e0d48001741bc8784cfe966\"\u003e\u003ccode\u003ec2ca631\u003c/code\u003e\u003c/a\u003e update fxb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/da7519163bfdc257e90be781a05af83840b330a8\"\u003e\u003ccode\u003eda75191\u003c/code\u003e\u003c/a\u003e fix stop node expression when ns prefix is removed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/31bbc99adedcada7d52bc4745273e7d8b9824b31\"\u003e\u003ccode\u003e31bbc99\u003c/code\u003e\u003c/a\u003e fix: alwaysCreateTextNode should create text node when attributes are present...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/dab327a05acd4f62bba277fb924e2e751079eca0\"\u003e\u003ccode\u003edab327a\u003c/code\u003e\u003c/a\u003e remove unnecessary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/ab04eeb91d3013d56c6a949cf45c17deaa3a0fc8\"\u003e\u003ccode\u003eab04eeb\u003c/code\u003e\u003c/a\u003e update docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/383cb3feee7f8181379f41836359e6b53379db5d\"\u003e\u003ccode\u003e383cb3f\u003c/code\u003e\u003c/a\u003e Revise security information for v6 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.2.5...v5.7.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.0.1 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.3.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e in...\n\n_Description has been truncated_","html_url":"https://github.com/nilhemdot/OpenMemory/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilhemdot%2FOpenMemory/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4457829875","node_id":"PR_kwDOOHO_y87cHLu-","number":27,"state":"open","title":"Bump the npm_and_yarn group across 16 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-16T00:25:20.000Z","updated_at":"2026-05-16T00:25:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"ajv","old_version":"6.12.6","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.2","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"postcss","old_version":"8.4.47","new_version":"8.5.14","repository_url":"https://github.com/postcss/postcss"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.25.7","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 1 update in the / directory: [systeminformation](https://github.com/sebhildebrandt/systeminformation).\nBumps the npm_and_yarn group with 3 updates in the /examples/angular directory: [fast-uri](https://github.com/fastify/fast-uri), [hono](https://github.com/honojs/hono) and [ip-address](https://github.com/beaugunderson/ip-address).\nBumps the npm_and_yarn group with 1 update in the /examples/angularjs_require/test directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 4 updates in the /examples/backbone directory: [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash), [qs](https://github.com/ljharb/qs) and [underscore](https://github.com/jashkenas/underscore).\nBumps the npm_and_yarn group with 1 update in the /examples/backbone_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/canjs directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/canjs_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/dijon directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 14 updates in the /examples/emberjs/todomvc directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `8.20.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `2.1.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.2` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `9.0.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.47` | `8.5.14` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.7` | `7.29.4` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /examples/javascript-es5 directory: [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash) and [qs](https://github.com/ljharb/qs).\nBumps the npm_and_yarn group with 9 updates in the /examples/javascript-es6 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [qs](https://github.com/ljharb/qs) | `6.11.0` | `6.15.1` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `8.20.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.5.14` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `7.0.5` |\n\nBumps the npm_and_yarn group with 4 updates in the /examples/jquery directory: [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash), [qs](https://github.com/ljharb/qs) and [handlebars](https://github.com/handlebars-lang/handlebars.js).\nBumps the npm_and_yarn group with 1 update in the /examples/knockback directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/lavaca_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 2 updates in the /examples/typescript-backbone directory: [lodash](https://github.com/lodash/lodash) and [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 3 updates in the /examples/web-components directory: [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash) and [qs](https://github.com/ljharb/qs).\n\nUpdates `systeminformation` from 5.31.5 to 5.31.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sebhildebrandt/systeminformation/releases\"\u003esysteminformation's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.31.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sebhildebrandt/systeminformation/compare/v5.31.5...v5.31.6\"\u003ehttps://github.com/sebhildebrandt/systeminformation/compare/v5.31.5...v5.31.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md\"\u003esysteminformation's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003eMajor Changes - Version 5\u003c/h2\u003e\n\u003ch4\u003eNew Functions\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eaudio()\u003c/code\u003e detailed audio information\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebluetoothDevices()\u003c/code\u003e detailed information detected bluetooth devices\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edockerImages()\u003c/code\u003e detailed information docker images\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edockerVolumes()\u003c/code\u003e detailed information docker volumes\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eprinters()\u003c/code\u003e detailed printer information\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eusb()\u003c/code\u003e detailed USB information\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ewifiInterfaces()\u003c/code\u003e detected Wi-Fi interfaces\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ewifiConnections()\u003c/code\u003e active Wi-Fi connections\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBreaking Changes\u003c/h4\u003e\n\u003cp\u003e\u003cstrong\u003eBe aware\u003c/strong\u003e, that the new version 5.x \u003cstrong\u003eis NOT fully backward compatible\u003c/strong\u003e to\nversion 4.x ...\u003c/p\u003e\n\u003cp\u003eWe had to make \u003cstrong\u003eseveral interface changes\u003c/strong\u003e to keep systeminformation as\nconsistent as possible. We highly\n\u003ca href=\"https://systeminformation.io/changes.html\"\u003erecommend to go through the complete list\u003c/a\u003e\nand adapt your own code to be again compatible to the new version 5.\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eFunction\u003c/th\u003e\n\u003cth\u003eOld\u003c/th\u003e\n\u003cth\u003eNew (V5)\u003c/th\u003e\n\u003cth\u003eComments\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003eunsupported values\u003c/td\u003e\n\u003ctd\u003e-1\u003c/td\u003e\n\u003ctd\u003enull\u003c/td\u003e\n\u003ctd\u003evalues which are unknown or\u003c!-- raw HTML omitted --\u003eunsupported on platform\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003ebattery()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003ehasbattery\u003c!-- raw HTML omitted --\u003ecyclecount\u003c!-- raw HTML omitted --\u003eischarging\u003c!-- raw HTML omitted --\u003edesignedcapacity\u003c!-- raw HTML omitted --\u003emaxcapacity\u003c!-- raw HTML omitted --\u003eacconnected\u003c!-- raw HTML omitted --\u003etimeremaining\u003c/td\u003e\n\u003ctd\u003ehasBattery\u003c!-- raw HTML omitted --\u003ecycleCount\u003c!-- raw HTML omitted --\u003eisCharging\u003c!-- raw HTML omitted --\u003edesignedCapacity\u003c!-- raw HTML omitted --\u003emaxCapacity\u003c!-- raw HTML omitted --\u003eacConnected\u003c!-- raw HTML omitted --\u003etimeRemaining\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eblockDevices()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003efstype\u003c/td\u003e\n\u003ctd\u003efsType\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003ecpu()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003espeedmin\u003c!-- raw HTML omitted --\u003espeedmax\u003c/td\u003e\n\u003ctd\u003espeedMin\u003c!-- raw HTML omitted --\u003espeedMax\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003ecpu().speed\u003c/code\u003e\u003c!-- raw HTML omitted --\u003e\u003ccode\u003ecpu().speedMin\u003c/code\u003e\u003c!-- raw HTML omitted --\u003e\u003ccode\u003ecpu().speedMax\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003estring values\u003c/td\u003e\n\u003ctd\u003enow returning\u003c!-- raw HTML omitted --\u003enumerical values\u003c/td\u003e\n\u003ctd\u003ebetter value handling\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003ecpuCurrentspeed()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003ecpuCurrentSpeed()\u003c/td\u003e\n\u003ctd\u003efunction name changed\u003c!-- raw HTML omitted --\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003ecurrentLoad()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003eavgload\u003c!-- raw HTML omitted --\u003ecurrentload\u003c!-- raw HTML omitted --\u003ecurrentload_user\u003c!-- raw HTML omitted --\u003ecurrentload_system\u003c!-- raw HTML omitted --\u003ecurrentload_nice\u003c!-- raw HTML omitted --\u003ecurrentload_idle\u003c!-- raw HTML omitted --\u003ecurrentload_irq\u003c!-- raw HTML omitted --\u003eraw_currentload\u003c/td\u003e\n\u003ctd\u003eavgLoad\u003c!-- raw HTML omitted --\u003ecurrentLoad\u003c!-- raw HTML omitted --\u003ecurrentLoadUser\u003c!-- raw HTML omitted --\u003ecurrentLoadSystem\u003c!-- raw HTML omitted --\u003ecurrentLoadNice\u003c!-- raw HTML omitted --\u003ecurrentLoadIdle\u003c!-- raw HTML omitted --\u003ecurrentLoadIrq\u003c!-- raw HTML omitted --\u003erawCurrentLoad\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003edockerContainerStats()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003emem_usage\u003c!-- raw HTML omitted --\u003emem_limit\u003c!-- raw HTML omitted --\u003emem_percent\u003c!-- raw HTML omitted --\u003ecpu_percent\u003c!-- raw HTML omitted --\u003ecpu_stats\u003c!-- raw HTML omitted --\u003eprecpu_stats\u003c!-- raw HTML omitted --\u003ememory_stats\u003c/td\u003e\n\u003ctd\u003ememUsage\u003c!-- raw HTML omitted --\u003ememLimit\u003c!-- raw HTML omitted --\u003ememPercent\u003c!-- raw HTML omitted --\u003ecpuPercent\u003c!-- raw HTML omitted --\u003ecpuStats\u003c!-- raw HTML omitted --\u003eprecpuStats\u003c!-- raw HTML omitted --\u003ememoryStats\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003edockerContainerProcesses()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003epid_host\u003c/td\u003e\n\u003ctd\u003epidHost\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003egraphics().display\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003epixeldepth\u003c!-- raw HTML omitted --\u003eresolutionx\u003c!-- raw HTML omitted --\u003eresolutiony\u003c!-- raw HTML omitted --\u003esizex\u003c!-- raw HTML omitted --\u003esizey\u003c/td\u003e\n\u003ctd\u003epixelDepth\u003c!-- raw HTML omitted --\u003eresolutionX\u003c!-- raw HTML omitted --\u003eresolutionY\u003c!-- raw HTML omitted --\u003esizeX\u003c!-- raw HTML omitted --\u003esizeY\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003enetworkConnections()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003elocaladdress\u003c!-- raw HTML omitted --\u003elocalport\u003c!-- raw HTML omitted --\u003epeeraddress\u003c!-- raw HTML omitted --\u003epeerport\u003c/td\u003e\n\u003ctd\u003elocalAddress\u003c!-- raw HTML omitted --\u003elocalPort\u003c!-- raw HTML omitted --\u003epeerAddress\u003c!-- raw HTML omitted --\u003epeerPort\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003enetworkInterfaces()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003ecarrier_changes\u003c/td\u003e\n\u003ctd\u003ecarrierChanges\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eprocesses()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003emem_vsz\u003c!-- raw HTML omitted --\u003emem_rss\u003c!-- raw HTML omitted --\u003epcpu\u003c!-- raw HTML omitted --\u003epcpuu\u003c!-- raw HTML omitted --\u003epcpus\u003c!-- raw HTML omitted --\u003epmem\u003c/td\u003e\n\u003ctd\u003ememVsz\u003c!-- raw HTML omitted --\u003ememRss\u003c!-- raw HTML omitted --\u003ecpu\u003c!-- raw HTML omitted --\u003ecpuu\u003c!-- raw HTML omitted --\u003ecpus\u003c!-- raw HTML omitted --\u003emem\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c!-- raw HTML omitted --\u003erenamed attributes\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eprocessLoad()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003eresult as object\u003c/td\u003e\n\u003ctd\u003eresult as array of objects\u003c/td\u003e\n\u003ctd\u003efunction now allows to provide more than\u003c!-- raw HTML omitted --\u003eone process (as a comma separated list)\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eservices()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003epcpu\u003c!-- raw HTML omitted --\u003epmem\u003c/td\u003e\n\u003ctd\u003ecpu\u003c!-- raw HTML omitted --\u003emem\u003c/td\u003e\n\u003ctd\u003erenamed attributes\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003evbox()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003eHPET\u003c!-- raw HTML omitted --\u003ePAE\u003c!-- raw HTML omitted --\u003eAPIC\u003c!-- raw HTML omitted --\u003eX2APIC\u003c!-- raw HTML omitted --\u003eACPI\u003c!-- raw HTML omitted --\u003eIOAPIC\u003c!-- raw HTML omitted --\u003ebiosAPICmode\u003c!-- raw HTML omitted --\u003eTRC\u003c/td\u003e\n\u003ctd\u003ehpet\u003c!-- raw HTML omitted --\u003epae\u003c!-- raw HTML omitted --\u003eapic\u003c!-- raw HTML omitted --\u003ex2Apic\u003c!-- raw HTML omitted --\u003eacpi\u003c!-- raw HTML omitted --\u003eioApic\u003c!-- raw HTML omitted --\u003ebiosApicMode\u003c!-- raw HTML omitted --\u003ertc\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ch4\u003eOther Improvements and Changes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebaseboard()\u003c/code\u003e: added memMax, memSlots\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebios()\u003c/code\u003e: added language and features (linux)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eblockDevices()\u003c/code\u003e added raid group member (linux)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecpu()\u003c/code\u003e: extended AMD processor list\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebhildebrandt/systeminformation/commit/da1cbf5eb09907cf5c3431f4c9ea441b7a227617\"\u003e\u003ccode\u003eda1cbf5\u003c/code\u003e\u003c/a\u003e 5.31.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebhildebrandt/systeminformation/commit/87dbb60f98dd39452bda211da0b6c63e4a7db898\"\u003e\u003ccode\u003e87dbb60\u003c/code\u003e\u003c/a\u003e fix: smaller issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebhildebrandt/systeminformation/commit/1d1bddf81267a3726b1200fa05ebe04b749f8d64\"\u003e\u003ccode\u003e1d1bddf\u003c/code\u003e\u003c/a\u003e fix: smaller issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebhildebrandt/systeminformation/commit/f69576f8da71571a988e7f430b068952c141bea9\"\u003e\u003ccode\u003ef69576f\u003c/code\u003e\u003c/a\u003e fix: networkInterfaces() ci wip\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebhildebrandt/systeminformation/commit/78624d1567d0410b3b6781caaf2441c4c32a810c\"\u003e\u003ccode\u003e78624d1\u003c/code\u003e\u003c/a\u003e fix: networkInterfaces() ci\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sebhildebrandt/systeminformation/compare/v5.31.5...v5.31.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.16 to 4.12.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.18\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eCache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage\u003c/h3\u003e\n\u003cp\u003eAffects: Cache Middleware. Fixes missing cache-skip handling for \u003ccode\u003eVary: Authorization\u003c/code\u003e and \u003ccode\u003eVary: Cookie\u003c/code\u003e, where a response cached for one authenticated user could be served to other users. GHSA-p77w-8qqv-26rm\u003c/p\u003e\n\u003ch3\u003eCSS Declaration Injection via Style Object Values in JSX SSR\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes a missing CSS-context escape for \u003ccode\u003estyle\u003c/code\u003e object values and property names, where untrusted input could inject additional CSS declarations. The impact is limited to CSS and does not allow JavaScript execution. GHSA-qp7p-654g-cw7p\u003c/p\u003e\n\u003ch3\u003eImproper validation of NumericDate claims (exp, nbf, iat) in JWT verify()\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/utils/jwt\u003c/code\u003e. Fixes improper validation of \u003ccode\u003eexp\u003c/code\u003e, \u003ccode\u003enbf\u003c/code\u003e, and \u003ccode\u003eiat\u003c/code\u003e claims, where falsy, non-finite, or non-numeric values could silently bypass time-based checks instead of being rejected per RFC 7519. GHSA-hm8q-7f3q-5f36\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use the JWT helper, hono/jsx, or the Cache middleware are strongly encouraged to upgrade to this version.\u003c/p\u003e\n\u003ch2\u003ev4.12.17\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jsx): normalize SVG attributes on the \u003c!-- raw HTML omitted --\u003e root element by \u003ca href=\"https://github.com/kfly8\"\u003e\u003ccode\u003e@​kfly8\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4893\"\u003ehonojs/hono#4893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(ssg): add \u003ccode\u003eatom+xml\u003c/code\u003e and \u003ccode\u003erss+xml\u003c/code\u003e to \u003ccode\u003edefaultExtensionMap\u003c/code\u003e by \u003ca href=\"https://github.com/yuintei\"\u003e\u003ccode\u003e@​yuintei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4899\"\u003ehonojs/hono#4899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cors): make origin optional in CORSOptions by \u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4905\"\u003ehonojs/hono#4905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): propagate middleware response types to app.on overloads by \u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4906\"\u003ehonojs/hono#4906\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kfly8\"\u003e\u003ccode\u003e@​kfly8\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4893\"\u003ehonojs/hono#4893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4905\"\u003ehonojs/hono#4905\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.16...v4.12.17\"\u003ehttps://github.com/honojs/hono/compare/v4.12.16...v4.12.17\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f10dee89ced5956b73c1cdc416d6bc0fd54d63b7\"\u003e\u003ccode\u003ef10dee8\u003c/code\u003e\u003c/a\u003e 4.12.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a5bd9ebead279ed9d0239ecbd854f629edfc0e57\"\u003e\u003ccode\u003ea5bd9eb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/58d3d3ad5656e007ed99da1b73865975952de5e9\"\u003e\u003ccode\u003e58d3d3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/568c2ecc1dd556894fad4dfa4a7ba499db6dba9c\"\u003e\u003ccode\u003e568c2ec\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/ff2b3d31df1be35f7d597a95dd3369402b6e87f2\"\u003e\u003ccode\u003eff2b3d3\u003c/code\u003e\u003c/a\u003e 4.12.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/52aaaf9714b06303ce5caa655b1d80675be687e9\"\u003e\u003ccode\u003e52aaaf9\u003c/code\u003e\u003c/a\u003e fix(types): propagate middleware response types to app.on overloads (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4906\"\u003e#4906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/76d5589e9b0569f4e74ec37e8dd6979455f70dfa\"\u003e\u003ccode\u003e76d5589\u003c/code\u003e\u003c/a\u003e fix(cors): make origin optional in CORSOptions (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4905\"\u003e#4905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/8f027e5574e91e3c7f263a728656e3888559e51a\"\u003e\u003ccode\u003e8f027e5\u003c/code\u003e\u003c/a\u003e fix(ssg): add \u003ccode\u003eatom+xml\u003c/code\u003e and \u003ccode\u003erss+xml\u003c/code\u003e to \u003ccode\u003edefaultExtensionMap\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4899\"\u003e#4899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/bfba97ca7ea3d4541a3419f1749e5a1a3e8f1727\"\u003e\u003ccode\u003ebfba97c\u003c/code\u003e\u003c/a\u003e fix(jsx): normalize SVG attributes on the \u0026lt;svg\u0026gt; root element (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4893\"\u003e#4893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.16...v4.12.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.2 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.2...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.11.1 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/4dfa0f09798f79b08c9727fde391b1aa4ec8572d\"\u003e\u003ccode\u003e4dfa0f0\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/dbb05d7bd9a86b9125dd8e1e0d3dcae62abe106b\"\u003e\u003ccode\u003edbb05d7\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/b0cfe7cc01f3f7241c1d5cb444c99c0e87b68961\"\u003e\u003ccode\u003eb0cfe7c\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"\u003e\u003ccode\u003ed9b4c66\u003c/code\u003e\u003c/a\u003e v6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"\u003e\u003ccode\u003ecb41a54\u003c/code\u003e\u003c/a\u003e [New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"\u003e\u003ccode\u003e88e1563\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"\u003e\u003ccode\u003e9d441d2\u003c/code\u003e\u003c/a\u003e Merge backport release tags v6.0.6–v6.13.3 into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"\u003e\u003ccode\u003e85cc8ca\u003c/code\u003e\u003c/a\u003e v6.12.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.11.1...v6.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.13.6 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.13.6...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038d...\n\n_Description has been truncated_","html_url":"https://github.com/AKJUS/todomvc/pull/27","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Ftodomvc/issues/27","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/27/packages"},{"uuid":"4449715181","node_id":"PR_kwDORIIgYM7btEkx","number":43,"state":"open","title":"chore(deps): bump underscore from 1.13.7 to 1.13.8","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-14T22:17:35.000Z","updated_at":"2026-05-14T22:17:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"}],"path":null,"ecosystem":"npm"},"body":"Bumps [underscore](https://github.com/jashkenas/underscore) from 1.13.7 to 1.13.8.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.13.7...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=underscore\u0026package-manager=npm_and_yarn\u0026previous-version=1.13.7\u0026new-version=1.13.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jamelt/annobib/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/jamelt/annobib/pull/43","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamelt%2Fannobib/issues/43","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/43/packages"},{"uuid":"4443796024","node_id":"PR_kwDOOFEkfs7baLgQ","number":39,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 12 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-14T06:38:39.000Z","updated_at":"2026-05-14T06:39:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":12,"packages":[{"name":"axios","old_version":"1.13.5","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"multer","old_version":"2.0.2","new_version":"2.1.1","repository_url":"https://github.com/expressjs/multer"},{"name":"uuid","old_version":"11.1.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"@tootallnate/once","old_version":"1.1.2","new_version":"removed","repository_url":"https://github.com/TooTallNate/once"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"qs","old_version":"6.14.1","new_version":"6.14.2","repository_url":"https://github.com/ljharb/qs"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"mongoose","old_version":"8.12.1","new_version":"8.23.1","repository_url":"https://github.com/Automattic/mongoose"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 12 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.13.5` | `1.15.2` |\n| [multer](https://github.com/expressjs/multer) | `2.0.2` | `2.1.1` |\n| [uuid](https://github.com/uuidjs/uuid) | `11.1.0` | `14.0.0` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `1.1.2` | `removed` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [qs](https://github.com/ljharb/qs) | `6.14.1` | `6.14.2` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [mongoose](https://github.com/Automattic/mongoose) | `8.12.1` | `8.23.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n\n\nUpdates `axios` from 1.13.5 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.13.5...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `multer` from 2.0.2 to 2.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/releases\"\u003emulter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.1\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add node version to 25.x in CI by \u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1377\"\u003eexpressjs/multer#1377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1376\"\u003eexpressjs/multer#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1375\"\u003eexpressjs/multer#1375\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1374\"\u003eexpressjs/multer#1374\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix error/abort handling by \u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1373\"\u003eexpressjs/multer#1373\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e2.1.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1380\"\u003eexpressjs/multer#1380\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\"\u003ehttps://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.1.0\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add funding to package.json by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1346\"\u003eexpressjs/multer#1346\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop mkdirp dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop object-assign dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1351\"\u003eexpressjs/multer#1351\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop xtend dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1352\"\u003eexpressjs/multer#1352\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(gitignore): ignore .nyc_output directory by \u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-vi.md regarding file upload by \u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-pt-br.md for array method by \u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eheaders-support-utf8 by \u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Turkish translation (README-tr.md) by \u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 2.1.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1371\"\u003eexpressjs/multer#1371\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\"\u003ehttps://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/blob/main/CHANGELOG.md\"\u003emulter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix error/abort handling\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003edefParamCharset\u003c/code\u003e option for UTF-8 filename support (\u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/368c8a10cca11854cf17c24029fefd1eafb1c059\"\u003e\u003ccode\u003e368c8a1\u003c/code\u003e\u003c/a\u003e 2.1.1 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1380\"\u003e#1380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752\"\u003e\u003ccode\u003e7e66481\u003c/code\u003e\u003c/a\u003e 🐛 fix recursion issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/643571ef85e9db94b87a777773f4d67156f82a3e\"\u003e\u003ccode\u003e643571e\u003c/code\u003e\u003c/a\u003e ✅ add explicit test for client able to send body without abrupt disconnect\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/e86fa523753f8d54ad0687bf52fb20044b6fa309\"\u003e\u003ccode\u003ee86fa52\u003c/code\u003e\u003c/a\u003e fix error/abort handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/ca37779bf1f531a70af9977805380d0f51d293e2\"\u003e\u003ccode\u003eca37779\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1374\"\u003e#1374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/13088f41e3bf8c3fc21d8c2867ffafb42470ed09\"\u003e\u003ccode\u003e13088f4\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1375\"\u003e#1375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/bc6a1d1374f7ddc9baf9d22bf7c30f831c621e3a\"\u003e\u003ccode\u003ebc6a1d1\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1376\"\u003e#1376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/c496e931263a901ccfc0821ac21768ac23786f77\"\u003e\u003ccode\u003ec496e93\u003c/code\u003e\u003c/a\u003e chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1377\"\u003e#1377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/fa173d30d01f4e18a8be74570b2770c7230b8b05\"\u003e\u003ccode\u003efa173d3\u003c/code\u003e\u003c/a\u003e chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/17d7f5193a237ebfd4c19274c7a6729538b4a9a0\"\u003e\u003ccode\u003e17d7f51\u003c/code\u003e\u003c/a\u003e chore: add node version to 25.x in CI\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/multer/compare/v2.0.2...v2.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 11.1.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nRemoves `@tootallnate/once`\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.1 to 6.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/bdcf0c7f82387c18ac8fabfccd2f440645cef47b\"\u003e\u003ccode\u003ebdcf0c7\u003c/code\u003e\u003c/a\u003e v6.14.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/294db90c812ddbe7d7a35d5687c505fd21a2d6a2\"\u003e\u003ccode\u003e294db90\u003c/code\u003e\u003c/a\u003e [readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5c308e5516c270a78caa6f278465914090f91ec6\"\u003e\u003ccode\u003e5c308e5\u003c/code\u003e\u003c/a\u003e [readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/6addf8cf738d529c54d91f6f3ffb6c1be91bbfdc\"\u003e\u003ccode\u003e6addf8c\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/cfc108f662326d6ab540f3545ef0b832baf83cdf\"\u003e\u003ccode\u003ecfc108f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/`pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/febb64442a80e49200211fa38d3c96b58024ac77\"\u003e\u003ccode\u003efebb644\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when `thr...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/f6a7abff1f13d644db9b05fe4f2c98ada6bf8482\"\u003e\u003ccode\u003ef6a7abf\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/fbc5206c25b4d1851cea683f02c10756c521d15a\"\u003e\u003ccode\u003efbc5206\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/1b9a8b4e78c6aff4c22fa559107227f02fd0216a\"\u003e\u003ccode\u003e1b9a8b4\u003c/code\u003e\u003c/a\u003e [actions] fix rebase workflow permissions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/2a35775614e0fb46ac8a3060201a32a7c23a7fda\"\u003e\u003ccode\u003e2a35775\u003c/code\u003e\u003c/a\u003e [meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.1...v6.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/bdcf0c7f82387c18ac8fabfccd2f440645cef47b\"\u003e\u003ccode\u003ebdcf0c7\u003c/code\u003e\u003c/a\u003e v6.14.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/294db90c812ddbe7d7a35d5687c505fd21a2d6a2\"\u003e\u003ccode\u003e294db90\u003c/code\u003e\u003c/a\u003e [readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5c308e5516c270a78caa6f278465914090f91ec6\"\u003e\u003ccode\u003e5c308e5\u003c/code\u003e\u003c/a\u003e [readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/6addf8cf738d529c54d91f6f3ffb6c1be91bbfdc\"\u003e\u003ccode\u003e6addf8c\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/cfc108f662326d6ab540f3545ef0b832baf83cdf\"\u003e\u003ccode\u003ecfc108f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/`pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/febb64442a80e49200211fa38d3c96b58024ac77\"\u003e\u003ccode\u003efebb644\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when `thr...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/f6a7abff1f13d644db9b05fe4f2c98ada6bf8482\"\u003e\u003ccode\u003ef6a7abf\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/fbc5206c25b4d1851cea683f02c10756c521d15a\"\u003e\u003ccode\u003efbc5206\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/1b9a8b4e78c6aff4c22fa559107227f02fd0216a\"\u003e\u003ccode\u003e1b9a8b4\u003c/code\u003e\u003c/a\u003e [actions] fix rebase workflow permissions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/2a35775614e0fb46ac8a3060201a32a7c23a7fda\"\u003e\u003ccode\u003e2a35775\u003c/code\u003e\u003c/a\u003e [meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.1...v6.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mongoose` from 8.12.1 to 8.23.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Automattic/mongoose/releases\"\u003emongoose's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e8.23.1 / 2026-04-23\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): support sort option in Model.bulkWrite() updateOne and replaceOne operations \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16091\"\u003e#16091\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16079\"\u003e#16079\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(setDefaultsOnInsert): check child filter paths before applying defaults (backport \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16031\"\u003e#16031\u003c/a\u003e to 8.x) \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16219\"\u003e#16219\u003c/a\u003e \u003ca href=\"https://github.com/marklai1998\"\u003emarklai1998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(schema): always pass raw string value to error validators, only trim to 30 chars for maxlength validator \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16238\"\u003e#16238\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16236\"\u003e#16236\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15550\"\u003e#15550\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15571\"\u003e#15571\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.23.0 / 2026-02-09\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(document): add flattenUUIDs option to toObject() and toJSON() (backport \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15021\"\u003e#15021\u003c/a\u003e to 8.x)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.22.1 / 2025-02-04\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle other top-level query operators in sanitizeFilter\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.22.0 / 2026-01-27\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(model): allow passing strict option to hydrate() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15944\"\u003e#15944\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15940\"\u003e#15940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.21.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(clone): fix parent doc for map subdocuments and array subdocuments \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15958\"\u003e#15958\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: respect currentTime schema option in bulkWrite updates \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15976\"\u003e#15976\u003c/a\u003e \u003ca href=\"https://github.com/sderrow\"\u003esderrow\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.21.0 / 2025-12-29\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(document): add support for getAtomics() to allow custom container types to utilize atomics \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15817\"\u003e#15817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(document+model): pass options to pre('deleteOne') and update+options to pre('updateOne') hooks \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15908\"\u003e#15908\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15870\"\u003e#15870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add support for typescript style enums \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15914\"\u003e#15914\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15913\"\u003e#15913\u003c/a\u003e \u003ca href=\"https://github.com/mjfwebb\"\u003emjfwebb\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.4 / 2025-12-18\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): ensure $isDeleted is set after calling doc.deleteOne() successfully \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15898\"\u003e#15898\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(document): use bitwise OR to accumulate version mode flags \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15893\"\u003e#15893\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15888\"\u003e#15888\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.3 / 2025-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eperf: use Object.hasOwn instead of Object#hasOwnProperty \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15875\"\u003e#15875\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: improve error when calling Document.prototype.init() with null/undefined \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15812\"\u003e#15812\u003c/a\u003e \u003ca href=\"https://github.com/Vegapunk-debug\"\u003eVegapunk-debug\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(schema): avoid treating paths with default: null as required \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15889\"\u003e#15889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(schema): allow partial statics to schema.statics() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15780\"\u003e#15780\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.2 / 2025-12-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): bump version if necessary after successful bulkSave() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15809\"\u003e#15809\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15800\"\u003e#15800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bulkWrite): pass overwriteImmutable option to castUpdate fixes \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15789\"\u003e#15789\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15782\"\u003e#15782\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15781\"\u003e#15781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Automattic/mongoose/blob/8.23.1/CHANGELOG.md\"\u003emongoose's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e8.23.1 / 2026-04-23\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): support sort option in Model.bulkWrite() updateOne and replaceOne operations \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16091\"\u003e#16091\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16079\"\u003e#16079\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(setDefaultsOnInsert): check child filter paths before applying defaults (backport \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16031\"\u003e#16031\u003c/a\u003e to 8.x) \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16219\"\u003e#16219\u003c/a\u003e \u003ca href=\"https://github.com/marklai1998\"\u003emarklai1998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(schema): always pass raw string value to error validators, only trim to 30 chars for maxlength validator \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16238\"\u003e#16238\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16236\"\u003e#16236\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15550\"\u003e#15550\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15571\"\u003e#15571\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.23.0 / 2026-02-09\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(document): add flattenUUIDs option to toObject() and toJSON() (backport \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15021\"\u003e#15021\u003c/a\u003e to 8.x)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.22.1 / 2026-02-04\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle other top-level query operators in sanitizeFilter\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e7.8.9 / 2026-02-04\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle other top-level query operators in sanitizeFilter\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.22.0 / 2026-01-27\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(model): allow passing strict option to hydrate() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15944\"\u003e#15944\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15940\"\u003e#15940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.21.1 / 2026-01-23\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(clone): fix parent doc for map subdocuments and array subdocuments \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15958\"\u003e#15958\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: respect currentTime schema option in bulkWrite updates \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15976\"\u003e#15976\u003c/a\u003e \u003ca href=\"https://github.com/sderrow\"\u003esderrow\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.21.0 / 2025-12-29\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(document): add support for getAtomics() to allow custom container types to utilize atomics \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15817\"\u003e#15817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(document+model): pass options to pre('deleteOne') and update+options to pre('updateOne') hooks \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15908\"\u003e#15908\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15870\"\u003e#15870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add support for typescript style enums \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15914\"\u003e#15914\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15913\"\u003e#15913\u003c/a\u003e \u003ca href=\"https://github.com/mjfwebb\"\u003emjfwebb\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.4 / 2025-12-18\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): ensure $isDeleted is set after calling doc.deleteOne() successfully \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15898\"\u003e#15898\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(document): use bitwise OR to accumulate version mode flags \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15893\"\u003e#15893\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15888\"\u003e#15888\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.3 / 2025-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eperf: use Object.hasOwn instead of Object#hasOwnProperty \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15875\"\u003e#15875\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: improve error when calling Document.prototype.init() with null/undefined \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15812\"\u003e#15812\u003c/a\u003e \u003ca href=\"https://github.com/Vegapunk-debug\"\u003eVegapunk-debug\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(schema): avoid treating paths with default: null as required \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15889\"\u003e#15889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(schema): allow partial statics to schema.statics() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15780\"\u003e#15780\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/2302290b8084a2986cdca0a89f59413f559da7b4\"\u003e\u003ccode\u003e2302290\u003c/code\u003e\u003c/a\u003e chore: release 8.23.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/03224e1d52d2ac2ff4080eb2931fc523d0cf56e1\"\u003e\u003ccode\u003e03224e1\u003c/code\u003e\u003c/a\u003e Merge branch '8.23' into 8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/d8a0dba19997d74838e86ca2056153c24ba91599\"\u003e\u003ccode\u003ed8a0dba\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16219\"\u003e#16219\u003c/a\u003e from marklai1998/fix/set-default-on-insert\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/86037f329ba988d43e56d8309f7b8a21b5633065\"\u003e\u003ccode\u003e86037f3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16238\"\u003e#16238\u003c/a\u003e from Automattic/vkarpov15/\u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16236\"\u003egh-16236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/634e9e25fc0fa934ff3df978508fa15cf17515f2\"\u003e\u003ccode\u003e634e9e2\u003c/code\u003e\u003c/a\u003e Potential fix for pull request finding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/dee02943fe8dd96d6c1e7da5d8c380ed8c5544cb\"\u003e\u003ccode\u003edee0294\u003c/code\u003e\u003c/a\u003e fix(schema): always pass raw string value to error validators, only trim to 3...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/55c5cd127886d6b2b066b756a0382b20c1f95f2a\"\u003e\u003ccode\u003e55c5cd1\u003c/code\u003e\u003c/a\u003e chore: empty commit to retrigger CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/9ddf06f4879fd1f3e393f16a2506a864f40a0288\"\u003e\u003ccode\u003e9ddf06f\u003c/code\u003e\u003c/a\u003e chore: fix lint error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/6e5db6fc6f94ba30e2c995570f458eac76fe479e\"\u003e\u003ccode\u003e6e5db6f\u003c/code\u003e\u003c/a\u003e fix(setDefaultsOnInsert): check child filter paths before applying defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/7db8ab7806b0443b03a1f44b215d5640a5d49edb\"\u003e\u003ccode\u003e7db8ab7\u003c/code\u003e\u003c/a\u003e Fix Model.bulkWrite sorting in 8.x (\u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16091\"\u003e#16091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Automattic/mongoose/compare/8.12.1...8.23.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for mongoose since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHS...\n\n_Description has been truncated_\n\n---\n\n🔄 This PR updates 12 npm dependencies across the project, including major version bumps for axios (1.13.5→1.15.2), multer (2.0.2→2.1.1), sqlite3 (5.1.6→6.0.1), and uuid (11.1.0→14.0.0), along with several security fixes and performance improvements.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Direct Dependencies**: Updated 4 production dependencies with significant version changes\n- **Transitive Dependencies**: Updated 8 indirect dependencies including security patches\n- **Security Fixes**: Multiple CVE fixes across axios, multer, uuid, and path-to-regexp packages\n- **Compatibility**: Some breaking changes requiring Node.js 20+ for certain packages\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify Updates]\n    B --\u003e C[Security Patches]\n    B --\u003e D[Feature Updates]\n    B --\u003e E[Bug Fixes]\n    C --\u003e F[axios: CVE fixes]\n    C --\u003e G[multer: CVE-2026-3520]\n    C --\u003e H[uuid: GHSA-w5hq-g745-h8pq]\n    C --\u003e I[path-to-regexp: CVE-2026-4867]\n    D --\u003e J[New Features Added]\n    E --\u003e K[Performance Improvements]\n    F --\u003e L[Updated package.json]\n    G --\u003e L\n    H --\u003e L\n    I --\u003e L\n    J --\u003e L\n    K --\u003e L\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs including prototype pollution, SSRF, and buffer overflow vulnerabilities\n- **Performance Improvements**: Axios memory leak fixes, mongoose performance optimizations, and uuid v4() improvements\n- **Breaking Changes**: uuid now requires Node.js 20+, removes CommonJS support; sqlite3 major version bump may affect database operations\n- **Feature Additions**: New axios `allowedSocketPaths` config, multer UTF-8 filename support, and mongoose atomic operations support\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/documind/pull/39","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fdocumind/issues/39","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/39/packages"},{"uuid":"4425212618","node_id":"PR_kwDOOj_V_M7aeNe1","number":256,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 7 directories with 22 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-20T00:13:30.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T00:14:59.000Z","updated_at":"2026-05-20T00:13:32.000Z","time_to_close":691111,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":22,"packages":[{"name":"next","old_version":"14.2.33","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"rollup","old_version":"4.52.2","new_version":"4.59.0","repository_url":"https://github.com/rollup/rollup"},{"name":"postcss","old_version":"8.5.9","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.28.5","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"axios","old_version":"1.13.0","new_version":"1.16.0","repository_url":"https://github.com/axios/axios"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"ip-address","old_version":"10.0.1","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"koa","old_version":"2.16.3","new_version":"2.16.4","repository_url":"https://github.com/koajs/koa"},{"name":"liquidjs","old_version":"10.25.6","new_version":"10.25.7","repository_url":"https://github.com/harttle/liquidjs"},{"name":"lodash","old_version":"4.17.21","new_version":"4.17.23","repository_url":"https://github.com/lodash/lodash"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"svgo","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/svg/svgo"},{"name":"tar","old_version":"7.5.1","new_version":"7.5.15","repository_url":"https://github.com/isaacs/node-tar"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"undici","old_version":"7.16.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 20 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [next](https://github.com/vercel/next.js) | `14.2.33` | `15.5.18` |\n| [rollup](https://github.com/rollup/rollup) | `4.52.2` | `4.59.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.9` | `8.5.10` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.28.5` | `7.29.4` |\n| [axios](https://github.com/axios/axios) | `1.13.0` | `1.16.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `10.0.1` | `10.2.0` |\n| [koa](https://github.com/koajs/koa) | `2.16.3` | `2.16.4` |\n| [liquidjs](https://github.com/harttle/liquidjs) | `10.25.6` | `10.25.7` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.1` | `7.5.15` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n| [undici](https://github.com/nodejs/undici) | `7.16.0` | `7.25.0` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n\nBumps the npm_and_yarn group with 3 updates in the /1st-gen directory: [next](https://github.com/vercel/next.js), [rollup](https://github.com/rollup/rollup) and [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core).\nBumps the npm_and_yarn group with 1 update in the /1st-gen/projects/css-custom-vars-viewer directory: [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core).\nBumps the npm_and_yarn group with 1 update in the /1st-gen/projects/documentation directory: [rollup](https://github.com/rollup/rollup).\nBumps the npm_and_yarn group with 1 update in the /2nd-gen/packages/swc directory: [postcss](https://github.com/postcss/postcss).\nBumps the npm_and_yarn group with 1 update in the /2nd-gen/packages/tools/postcss-token directory: [postcss](https://github.com/postcss/postcss).\nBumps the npm_and_yarn group with 1 update in the /2nd-gen/packages/tools/vite-global-elements-css directory: [postcss](https://github.com/postcss/postcss).\n\nUpdates `next` from 14.2.33 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v14.2.33...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.52.2 to 4.59.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.59.0\u003c/h2\u003e\n\u003ch2\u003e4.59.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6275\"\u003e#6275\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.58.0\u003c/h2\u003e\n\u003ch2\u003e4.58.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-20\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlso support \u003ccode\u003e__NO_SIDE_EFFECTS__\u003c/code\u003e annotation before variable declarations declaring function expressions (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6272\"\u003e#6272\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6256\"\u003e#6256\u003c/a\u003e: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (\u003ca href=\"https://github.com/njg7194\"\u003e\u003ccode\u003e@​njg7194\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6259\"\u003e#6259\u003c/a\u003e: docs: Correct typo and improve sentence structure in docs for \u003ccode\u003eoutput.experimentalMinChunkSize\u003c/code\u003e (\u003ca href=\"https://github.com/millerick\"\u003e\u003ccode\u003e@​millerick\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6260\"\u003e#6260\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v47 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6261\"\u003e#6261\u003c/a\u003e: fix(deps): lock file maintenance minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6262\"\u003e#6262\u003c/a\u003e: Avoid unnecessary cloning of the code string (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6263\"\u003e#6263\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6265\"\u003e#6265\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6267\"\u003e#6267\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6268\"\u003e#6268\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v63 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6269\"\u003e#6269\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6270\"\u003e#6270\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6272\"\u003e#6272\u003c/a\u003e: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.57.1\u003c/h2\u003e\n\u003ch2\u003e4.57.1\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-01-30\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix heap corruption issue in Windows (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6251\"\u003e#6251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnsure exports of a dynamic import are fully included when called from a try...catch (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6254\"\u003e#6254\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6251\"\u003e#6251\u003c/a\u003e: fix: Isolate and cache \u003ccode\u003eprocess.report.getReport()\u003c/code\u003e calls in a child process for robust environment detection (\u003ca href=\"https://github.com/alan-agius4\"\u003e\u003ccode\u003e@​alan-agius4\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/master/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.59.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6275\"\u003e#6275\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.58.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-20\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlso support \u003ccode\u003e__NO_SIDE_EFFECTS__\u003c/code\u003e annotation before variable declarations declaring function expressions (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6272\"\u003e#6272\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6256\"\u003e#6256\u003c/a\u003e: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (\u003ca href=\"https://github.com/njg7194\"\u003e\u003ccode\u003e@​njg7194\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6259\"\u003e#6259\u003c/a\u003e: docs: Correct typo and improve sentence structure in docs for \u003ccode\u003eoutput.experimentalMinChunkSize\u003c/code\u003e (\u003ca href=\"https://github.com/millerick\"\u003e\u003ccode\u003e@​millerick\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6260\"\u003e#6260\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v47 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6261\"\u003e#6261\u003c/a\u003e: fix(deps): lock file maintenance minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6262\"\u003e#6262\u003c/a\u003e: Avoid unnecessary cloning of the code string (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6263\"\u003e#6263\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6265\"\u003e#6265\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6267\"\u003e#6267\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6268\"\u003e#6268\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v63 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6269\"\u003e#6269\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6270\"\u003e#6270\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6272\"\u003e#6272\u003c/a\u003e: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.57.1\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-01-30\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix heap corruption issue in Windows (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6251\"\u003e#6251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnsure exports of a dynamic import are fully included when called from a try...catch (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6254\"\u003e#6254\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6251\"\u003e#6251\u003c/a\u003e: fix: Isolate and cache \u003ccode\u003eprocess.report.getReport()\u003c/code\u003e calls in a child process for robust environment detection (\u003ca href=\"https://github.com/alan-agius4\"\u003e\u003ccode\u003e@​alan-agius4\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6252\"\u003e#6252\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6253\"\u003e#6253\u003c/a\u003e: chore(deps): lock file maintenance minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6254\"\u003e#6254\u003c/a\u003e: Fully include dynamic imports in a try-catch (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/ae846957f109690a866cc3e4c073613c338d3476\"\u003e\u003ccode\u003eae84695\u003c/code\u003e\u003c/a\u003e 4.59.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/b39616e9175b3d9fc3977c99153174c490805a93\"\u003e\u003ccode\u003eb39616e\u003c/code\u003e\u003c/a\u003e Update audit-resolve\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2\"\u003e\u003ccode\u003ec60770d\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6275\"\u003e#6275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/33f39c1f205ea2eadaf4b589e493453e2baa3662\"\u003e\u003ccode\u003e33f39c1\u003c/code\u003e\u003c/a\u003e 4.58.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/b61c40803b717854c1c28937e8098e5ad3c7b8ca\"\u003e\u003ccode\u003eb61c408\u003c/code\u003e\u003c/a\u003e forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/7f00689ec90e2cafb11c26eefbcac62343c936f6\"\u003e\u003ccode\u003e7f00689\u003c/code\u003e\u003c/a\u003e Extend agent instructions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/e7b2b85af0901244ecc141b9d792c6db6b527ea4\"\u003e\u003ccode\u003ee7b2b85\u003c/code\u003e\u003c/a\u003e chore(deps): lock file maintenance (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6270\"\u003e#6270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/2aa5da9baf82211b8207d268c8751630cb766970\"\u003e\u003ccode\u003e2aa5da9\u003c/code\u003e\u003c/a\u003e fix(deps): update minor/patch updates (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6267\"\u003e#6267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/4319837c5448d0c10d89e9ded118888deec2eeec\"\u003e\u003ccode\u003e4319837\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6269\"\u003e#6269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/c3b6b4bdc4f2ed978fa233132a526957e6513233\"\u003e\u003ccode\u003ec3b6b4b\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-unicorn to v63 (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6268\"\u003e#6268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rollup/rollup/compare/v4.52.2...v4.59.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for rollup since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.9 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.9...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.28.5 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.13.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc\"\u003e\u003ccode\u003edf53d7d\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e\"\u003e\u003ccode\u003e9d92bcd\u003c/code\u003e\u003c/a\u003e fix: gadgets and smaller issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435\"\u003e\u003ccode\u003e5107ee6\u003c/code\u003e\u003c/a\u003e fix: prevent undefined error codes in settle (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8\"\u003e\u003ccode\u003ee573499\u003c/code\u003e\u003c/a\u003e fix(fetch): defer global access in fetch adapter (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3\"\u003e\u003ccode\u003ead68e1a\u003c/code\u003e\u003c/a\u003e fix(http): honor timeout during connect without redirects (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d\"\u003e\u003ccode\u003e2a51828\u003c/code\u003e\u003c/a\u003e fix(http): decode URL basic auth credentials (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1\"\u003e\u003ccode\u003e0e8b6bb\u003c/code\u003e\u003c/a\u003e fix(http): preserve user-supplied Host header when forwarding through a proxy...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b\"\u003e\u003ccode\u003e79f39e1\u003c/code\u003e\u003c/a\u003e docs: document paramsSerializer.encode for strict RFC 3986 query encoding (\u003ca href=\"https://redirect.github.com/axios/axios/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e\"\u003e\u003ccode\u003e0fe3a5f\u003c/code\u003e\u003c/a\u003e [Docs/Types] Update \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions for ES2023 and add ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d\"\u003e\u003ccode\u003ecd6737f\u003c/code\u003e\u003c/a\u003e chore: matches the sibling responseStream.on(aborted) handler and added tests...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.13.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwin...\n\n_Description has been truncated_","html_url":"https://github.com/Reality2byte/spectrum-web-components/pull/256","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Reality2byte%2Fspectrum-web-components/issues/256","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/256/packages"},{"uuid":"4413874736","node_id":"PR_kwDOOHO_y87Z6S5C","number":23,"state":"open","title":"Bump the npm_and_yarn group across 15 directories with 19 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T21:24:43.000Z","updated_at":"2026-05-09T21:25:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":19,"packages":[{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.2","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"postcss","old_version":"8.4.47","new_version":"8.5.14","repository_url":"https://github.com/postcss/postcss"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"webpack","old_version":"5.95.0","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the /examples/angular directory: [fast-uri](https://github.com/fastify/fast-uri) and [ip-address](https://github.com/beaugunderson/ip-address).\nBumps the npm_and_yarn group with 1 update in the /examples/angularjs_require/test directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 4 updates in the /examples/backbone directory: [qs](https://github.com/ljharb/qs), [underscore](https://github.com/jashkenas/underscore), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 1 update in the /examples/backbone_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/canjs directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/canjs_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 2 updates in the /examples/dijon directory: [jquery](https://github.com/jquery/jquery) and [handlebars](https://github.com/handlebars-lang/handlebars.js).\nBumps the npm_and_yarn group with 13 updates in the /examples/emberjs/todomvc directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.2` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.47` | `8.5.14` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [webpack](https://github.com/webpack/webpack) | `5.95.0` | `5.104.1` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /examples/javascript-es5 directory: [qs](https://github.com/ljharb/qs), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 11 updates in the /examples/javascript-es6 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.5.14` |\n| [qs](https://github.com/ljharb/qs) | `6.11.0` | `6.15.1` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [webpack](https://github.com/webpack/webpack) | `5.89.0` | `5.106.2` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `7.0.5` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n\nBumps the npm_and_yarn group with 4 updates in the /examples/jquery directory: [qs](https://github.com/ljharb/qs), [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash) and [handlebars](https://github.com/handlebars-lang/handlebars.js).\nBumps the npm_and_yarn group with 1 update in the /examples/knockback directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/lavaca_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 2 updates in the /examples/typescript-backbone directory: [jquery](https://github.com/jquery/jquery) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 3 updates in the /examples/web-components directory: [qs](https://github.com/ljharb/qs), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.11.1 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/4dfa0f09798f79b08c9727fde391b1aa4ec8572d\"\u003e\u003ccode\u003e4dfa0f0\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/dbb05d7bd9a86b9125dd8e1e0d3dcae62abe106b\"\u003e\u003ccode\u003edbb05d7\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/b0cfe7cc01f3f7241c1d5cb444c99c0e87b68961\"\u003e\u003ccode\u003eb0cfe7c\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"\u003e\u003ccode\u003ed9b4c66\u003c/code\u003e\u003c/a\u003e v6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"\u003e\u003ccode\u003ecb41a54\u003c/code\u003e\u003c/a\u003e [New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"\u003e\u003ccode\u003e88e1563\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"\u003e\u003ccode\u003e9d441d2\u003c/code\u003e\u003c/a\u003e Merge backport release tags v6.0.6–v6.13.3 into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"\u003e\u003ccode\u003e85cc8ca\u003c/code\u003e\u003c/a\u003e v6.12.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.11.1...v6.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.13.6 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.13.6...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.2 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.2...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://red...\n\n_Description has been truncated_","html_url":"https://github.com/AKJUS/todomvc/pull/23","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Ftodomvc/issues/23","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/23/packages"},{"uuid":"4409474311","node_id":"PR_kwDOIEoBZ87ZsPIS","number":21,"state":"closed","title":"Bump the npm_and_yarn group across 15 directories with 19 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T00:52:12.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-08T21:21:52.000Z","updated_at":"2026-05-09T00:52:14.000Z","time_to_close":12620,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":19,"packages":[{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.2","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"postcss","old_version":"8.4.47","new_version":"8.5.14","repository_url":"https://github.com/postcss/postcss"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"webpack","old_version":"5.95.0","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the /examples/angular directory: [fast-uri](https://github.com/fastify/fast-uri) and [ip-address](https://github.com/beaugunderson/ip-address).\nBumps the npm_and_yarn group with 1 update in the /examples/angularjs_require/test directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 4 updates in the /examples/backbone directory: [qs](https://github.com/ljharb/qs), [underscore](https://github.com/jashkenas/underscore), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 1 update in the /examples/backbone_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/canjs directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/canjs_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 2 updates in the /examples/dijon directory: [jquery](https://github.com/jquery/jquery) and [handlebars](https://github.com/handlebars-lang/handlebars.js).\nBumps the npm_and_yarn group with 13 updates in the /examples/emberjs/todomvc directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.2` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.47` | `8.5.14` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [webpack](https://github.com/webpack/webpack) | `5.95.0` | `5.104.1` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /examples/javascript-es5 directory: [qs](https://github.com/ljharb/qs), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 11 updates in the /examples/javascript-es6 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.5.14` |\n| [qs](https://github.com/ljharb/qs) | `6.11.0` | `6.15.1` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [webpack](https://github.com/webpack/webpack) | `5.89.0` | `5.106.2` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `7.0.5` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n\nBumps the npm_and_yarn group with 4 updates in the /examples/jquery directory: [qs](https://github.com/ljharb/qs), [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash) and [handlebars](https://github.com/handlebars-lang/handlebars.js).\nBumps the npm_and_yarn group with 1 update in the /examples/knockback directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/lavaca_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 2 updates in the /examples/typescript-backbone directory: [jquery](https://github.com/jquery/jquery) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 3 updates in the /examples/web-components directory: [qs](https://github.com/ljharb/qs), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.11.1 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/4dfa0f09798f79b08c9727fde391b1aa4ec8572d\"\u003e\u003ccode\u003e4dfa0f0\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/dbb05d7bd9a86b9125dd8e1e0d3dcae62abe106b\"\u003e\u003ccode\u003edbb05d7\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/b0cfe7cc01f3f7241c1d5cb444c99c0e87b68961\"\u003e\u003ccode\u003eb0cfe7c\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"\u003e\u003ccode\u003ed9b4c66\u003c/code\u003e\u003c/a\u003e v6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"\u003e\u003ccode\u003ecb41a54\u003c/code\u003e\u003c/a\u003e [New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"\u003e\u003ccode\u003e88e1563\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"\u003e\u003ccode\u003e9d441d2\u003c/code\u003e\u003c/a\u003e Merge backport release tags v6.0.6–v6.13.3 into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"\u003e\u003ccode\u003e85cc8ca\u003c/code\u003e\u003c/a\u003e v6.12.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.11.1...v6.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.13.6 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.13.6...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.2 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.2...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://red...\n\n_Description has been truncated_","html_url":"https://github.com/codemonkey85/todomvc/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/codemonkey85%2Ftodomvc/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"},{"uuid":"4396438199","node_id":"PR_kwDOJEmqjs7ZBgAc","number":941,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","no-pr-activity","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-07T05:48:14.000Z","updated_at":"2026-05-15T01:18:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":16,"packages":[{"name":"fastify","old_version":"4.29.0","new_version":"5.8.5","repository_url":"https://github.com/fastify/fastify"},{"name":"undici","old_version":"6.20.1","new_version":"6.24.0","repository_url":"https://github.com/nodejs/undici"},{"name":"ajv","old_version":"8.17.1","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"defu","old_version":"6.1.4","new_version":"6.1.7","repository_url":"https://github.com/unjs/defu"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"h3","old_version":"1.13.0","new_version":"1.15.11","repository_url":"https://github.com/h3js/h3"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"markdown-it","old_version":"14.1.0","new_version":"14.1.1","repository_url":"https://github.com/markdown-it/markdown-it"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.28.1","new_version":"4.60.3","repository_url":"https://github.com/rollup/rollup"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 14 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastify](https://github.com/fastify/fastify) | `4.29.0` | `5.8.5` |\n| [undici](https://github.com/nodejs/undici) | `6.20.1` | `6.24.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.20.0` |\n| [defu](https://github.com/unjs/defu) | `6.1.4` | `6.1.7` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [h3](https://github.com/h3js/h3) | `1.13.0` | `1.15.11` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `14.1.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `4.28.1` | `4.60.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n\nBumps the npm_and_yarn group with 4 updates in the /sdk directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch), [picomatch](https://github.com/micromatch/picomatch) and [rollup](https://github.com/rollup/rollup).\n\nUpdates `fastify` from 4.29.0 to 5.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fastify/releases\"\u003efastify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.8.5\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cp\u003eThis fixes CVE CVE-2026-33806 \u003ca href=\"https://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963\"\u003ehttps://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: Fix port parsing by \u003ca href=\"https://github.com/jsumners\"\u003e\u003ccode\u003e@​jsumners\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6603\"\u003efastify/fastify#6603\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: upgrade to typescript v6.0.2 by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6605\"\u003efastify/fastify#6605\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: restore trustProxy function for number and string types, add null check for socketAddr by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6613\"\u003efastify/fastify#6613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reduce cron scheduled workflows from daily/weekly to monthly by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6623\"\u003efastify/fastify#6623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6629\"\u003efastify/fastify#6629\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6632\"\u003efastify/fastify#6632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump borp from 0.21.0 to 1.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6633\"\u003efastify/fastify#6633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6630\"\u003efastify/fastify#6630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(ecosystem): add \u003ccode\u003e@​pompelmi/fastify-plugin\u003c/code\u003e by \u003ca href=\"https://github.com/SonoTommy\"\u003e\u003ccode\u003e@​SonoTommy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6610\"\u003efastify/fastify#6610\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonoTommy\"\u003e\u003ccode\u003e@​SonoTommy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6610\"\u003efastify/fastify#6610\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify/compare/v5.8.4...v5.8.5\"\u003ehttps://github.com/fastify/fastify/compare/v5.8.4...v5.8.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.8.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify/compare/v5.8.3...v5.8.4\"\u003ehttps://github.com/fastify/fastify/compare/v5.8.3...v5.8.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.8.3\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cp\u003eThis fixes CVE CVE-2026-3635 \u003ca href=\"https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf\"\u003ehttps://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs(readme): add \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e to plugin team by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6565\"\u003efastify/fastify#6565\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated Plugins-Guide.md; Changed \u0026quot;fastify\u0026quot; to \u0026quot;instance\u0026quot; during plugin registration to showcase that it's added as a child by \u003ca href=\"https://github.com/kyrylchenko\"\u003e\u003ccode\u003e@​kyrylchenko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6566\"\u003efastify/fastify#6566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: use fastify.test in test case by \u003ca href=\"https://github.com/climba03003\"\u003e\u003ccode\u003e@​climba03003\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6568\"\u003efastify/fastify#6568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: use fastify.example in documentation by \u003ca href=\"https://github.com/climba03003\"\u003e\u003ccode\u003e@​climba03003\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6567\"\u003efastify/fastify#6567\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add common performance degradation guidance by \u003ca href=\"https://github.com/maxpetrusenko\"\u003e\u003ccode\u003e@​maxpetrusenko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6520\"\u003efastify/fastify#6520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(server): fix camelCase anchor links in TOC by \u003ca href=\"https://github.com/Deepvamja\"\u003e\u003ccode\u003e@​Deepvamja\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6530\"\u003efastify/fastify#6530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(link-checker): fix root-relative links resolution by \u003ca href=\"https://github.com/barba-rossa\"\u003e\u003ccode\u003e@​barba-rossa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6535\"\u003efastify/fastify#6535\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update syntax markdown, absolute paths and links by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6569\"\u003efastify/fastify#6569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify content-type parser/schema mismatch is outside threat model by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6537\"\u003efastify/fastify#6537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix incorrect code examples in Reply and Request reference by \u003ca href=\"https://github.com/mahmoodhamdi\"\u003e\u003ccode\u003e@​mahmoodhamdi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6582\"\u003efastify/fastify#6582\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: replace redirected npm.im http-errors link by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6588\"\u003efastify/fastify#6588\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: Allow port to be null in request type definition by \u003ca href=\"https://github.com/TristanBarlow\"\u003e\u003ccode\u003e@​TristanBarlow\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6589\"\u003efastify/fastify#6589\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update links by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6593\"\u003efastify/fastify#6593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(lock-threads): use shared lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6592\"\u003efastify/fastify#6592\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kyrylchenko\"\u003e\u003ccode\u003e@​kyrylchenko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6566\"\u003efastify/fastify#6566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/maxpetrusenko\"\u003e\u003ccode\u003e@​maxpetrusenko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6520\"\u003efastify/fastify#6520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Deepvamja\"\u003e\u003ccode\u003e@​Deepvamja\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6530\"\u003efastify/fastify#6530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/barba-rossa\"\u003e\u003ccode\u003e@​barba-rossa\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6535\"\u003efastify/fastify#6535\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/3983cce8124714242099e8756a7a9a80a0ba0aea\"\u003e\u003ccode\u003e3983cce\u003c/code\u003e\u003c/a\u003e Bumped v5.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/3ce3ae6752dbed672759856081af9cb1e2733105\"\u003e\u003ccode\u003e3ce3ae6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/b06a196b694c0c7aed53976cd77456f1ad7d4c9f\"\u003e\u003ccode\u003eb06a196\u003c/code\u003e\u003c/a\u003e docs(ecosystem): add \u003ccode\u003e@​pompelmi/fastify-plugin\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6610\"\u003e#6610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/909c5d5329536b0acc004da7649b3da8af9273b2\"\u003e\u003ccode\u003e909c5d5\u003c/code\u003e\u003c/a\u003e chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6630\"\u003e#6630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/4db21a36ddb588acaebf5a4472ccb3b0d5fc9db0\"\u003e\u003ccode\u003e4db21a3\u003c/code\u003e\u003c/a\u003e chore: Bump borp from 0.21.0 to 1.0.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6633\"\u003e#6633\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/0f4e544c8acd7c42df347936e613a73cecc4f3fe\"\u003e\u003ccode\u003e0f4e544\u003c/code\u003e\u003c/a\u003e chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6632\"\u003e#6632\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/33a2fcd39de584713495bf4b3bd864137746f224\"\u003e\u003ccode\u003e33a2fcd\u003c/code\u003e\u003c/a\u003e chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6629\"\u003e#6629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/fd35d829a8cd496a3c1170c0c1c021130e3ca0e8\"\u003e\u003ccode\u003efd35d82\u003c/code\u003e\u003c/a\u003e ci: reduce cron schedules from daily/weekly to monthly (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6623\"\u003e#6623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/8dee9be05ebf683cd212aeff1d294f6ea1ec405c\"\u003e\u003ccode\u003e8dee9be\u003c/code\u003e\u003c/a\u003e fix: restore trustProxy function for number and string types, add null check ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/d457aeda8611777389c7e4713a288eb7ddb9a389\"\u003e\u003ccode\u003ed457aed\u003c/code\u003e\u003c/a\u003e chore: upgrade to typescript v6.0.2 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6605\"\u003e#6605\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fastify/compare/v4.29.0...v5.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~climba03003\"\u003eclimba03003\u003c/a\u003e, a new releaser for fastify since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 6.20.1 to 6.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.23.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a444e4f13e8958b4e1ac42bc0d53ace7fba0a9c1\"\u003e\u003ccode\u003ea444e4f\u003c/code\u003e\u003c/a\u003e test: stabilize h2 and tls-cert-leak under current test runner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/dc032a1050d5489b8ce9b4c22aafba98a942f87b\"\u003e\u003ccode\u003edc032a1\u003c/code\u003e\u003c/a\u003e fix: h2 CI (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4395\"\u003e#4395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4cd3f4b3a2ef910ba728c47ae78294d956410450\"\u003e\u003ccode\u003e4cd3f4b\u003c/code\u003e\u003c/a\u003e test: increase bitness in \u003ccode\u003etest/fixtures/*.pem\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/3659\"\u003e#3659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7df6442194b7a54e9ac734335e6e0a56a9bc6666\"\u003e\u003ccode\u003e7df6442\u003c/code\u003e\u003c/a\u003e fix: adapt websocket frame-limit handling for v6 parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4e0179ae643e6f4380f24cc3683c1b1ca2afb094\"\u003e\u003ccode\u003e4e0179a\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5a97f0893b53ba7d1d5549d3df7e55d9c2673f89\"\u003e\u003ccode\u003e5a97f08\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/e43e898603dd5e0c14a75b08b83257598d664a39\"\u003e\u003ccode\u003ee43e898\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v6.20.1...v6.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `defu` from 6.1.4 to 6.1.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/releases\"\u003edefu's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExport Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/blob/main/CHANGELOG.md\"\u003edefu's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edefu.d.cts:\u003c/strong\u003e Export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tea.yaml (\u003ca href=\"https://github.com/unjs/defu/commit/70cffe5\"\u003e70cffe5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate repo (\u003ca href=\"https://github.com/unjs/defu/commit/23cc432\"\u003e23cc432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typecheck (\u003ca href=\"https://github.com/unjs/defu/commit/89df6bb\"\u003e89df6bb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🤖 CI\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/80c0146afb11ebd86183a579ec469f3abd976695\"\u003e\u003ccode\u003e80c0146\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/40d7ef42d30db975bf80c340e7856c1ad3568321\"\u003e\u003ccode\u003e40d7ef4\u003c/code\u003e\u003c/a\u003e fix(defu.d.cts): export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3d3a7c89ca78f3fa43ec7194b12e44e4b0568697\"\u003e\u003ccode\u003e3d3a7c8\u003c/code\u003e\u003c/a\u003e build: correct the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/001c2906010eb65c1bb13ccd1f4abea09e10405b\"\u003e\u003ccode\u003e001c290\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/407b51645c41a57da6efac5b40967f2c60ce4f12\"\u003e\u003ccode\u003e407b516\u003c/code\u003e\u003c/a\u003e build: fix mixed types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/23e59e684cb6a432aad13f308d142247e31b6315\"\u003e\u003ccode\u003e23e59e6\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/11ba02213d4b1c6b02dd686041f75edc479c98e9\"\u003e\u003ccode\u003e11ba022\u003c/code\u003e\u003c/a\u003e fix: ignore inherited enumerable properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3942bfbbcaa72084bd4284846c83bd61ed7c8b29\"\u003e\u003ccode\u003e3942bfb\u003c/code\u003e\u003c/a\u003e fix: prevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/d3ef16dabe861713192ba8679c5db8e0ac143f9b\"\u003e\u003ccode\u003ed3ef16d\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/checkout action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/869a053effb7b1bf49a1635e1bb211840daa589e\"\u003e\u003ccode\u003e869a053\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/setup-node action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.9 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h3` from 1.13.0 to 1.15.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/h3js/h3/releases\"\u003eh3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.11\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.10...v1.15.11\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate defu to 6.1.6 (\u003ca href=\"https://github.com/h3js/h3/commit/6125485\"\u003e6125485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/4998dd8\"\u003e4998dd8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate cookie-es (\u003ca href=\"https://github.com/h3js/h3/commit/d166186\"\u003ed166186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.10\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.9...v1.15.10\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve percent-encoded req.url in app event handler (\u003ca href=\"https://redirect.github.com/h3js/h3/pull/1355\"\u003e#1355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSergio Azócar (\u003ca href=\"https://github.com/sergioazoc\"\u003e\u003ccode\u003e@​sergioazoc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.9\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.7...v1.15.9\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003e%25\u003c/code\u003e in pathname (\u003ca href=\"https://github.com/h3js/h3/commit/1103df6\"\u003e1103df6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003estatic:\u003c/strong\u003e Prevent path traversal via double-encoded dot segments (\u003ccode\u003e%252e%252e\u003c/code\u003e) (\u003ca href=\"https://github.com/h3js/h3/commit/c56683d\"\u003ec56683d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esse:\u003c/strong\u003e Sanitize carriage returns in event stream data and comments (\u003ca href=\"https://github.com/h3js/h3/commit/ba3c3fe\"\u003eba3c3fe\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.8\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.7...v1.15.8\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003e%25\u003c/code\u003e in pathname (\u003ca href=\"https://github.com/h3js/h3/commit/1103df6\"\u003e1103df6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.6...v1.15.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003estatic:\u003c/strong\u003e Narrow path traversal check to match \u003ccode\u003e..\u003c/code\u003e as a path segment only (\u003ca href=\"https://github.com/h3js/h3/commit/c049dc0\"\u003ec049dc0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapp:\u003c/strong\u003e Decode percent-encoded path segments to prevent auth bypass (\u003ca href=\"https://github.com/h3js/h3/commit/313ea52\"\u003e313ea52\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e💅 Refactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove implicit event handler conversion warning (\u003ca href=\"https://redirect.github.com/h3js/h3/pull/1340\"\u003e#1340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/h3js/h3/blob/v1.15.11/CHANGELOG.md\"\u003eh3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.11\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.10...v1.15.11\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate defu to 6.1.6 (\u003ca href=\"https://github.com/h3js/h3/commit/6125485\"\u003e6125485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/4998dd8\"\u003e4998dd8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate cookie-es (\u003ca href=\"https://github.com/h3js/h3/commit/d166186\"\u003ed166186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.10\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.9...v1.15.10\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve percent-encoded req.url in app event handler (\u003ca href=\"https://redirect.github.com/h3js/h3/pull/1355\"\u003e#1355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/26fec6f\"\u003e26fec6f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSergio Azócar (\u003ca href=\"https://github.com/sergioazoc\"\u003e\u003ccode\u003e@​sergioazoc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.9\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.7...v1.15.9\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003e%25\u003c/code\u003e in pathname (\u003ca href=\"https://github.com/h3js/h3/commit/1103df6\"\u003e1103df6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003estatic:\u003c/strong\u003e Prevent path traversal via double-encoded dot segments (\u003ccode\u003e%252e%252e\u003c/code\u003e) (\u003ca href=\"https://github.com/h3js/h3/commit/c56683d\"\u003ec56683d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esse:\u003c/strong\u003e Sanitize carriage returns in event stream data and comments (\u003ca href=\"https://github.com/h3js/h3/commit/ba3c3fe\"\u003eba3c3fe\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003erelease:\u003c/strong\u003e V1.15.8 (\u003ca href=\"https://github.com/h3js/h3/commit/e3b9c9e\"\u003ee3b9c9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/23045df\"\u003e23045df\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/7b9f41fda6038d26a367c2a26a07ed83ee1dbaac\"\u003e\u003ccode\u003e7b9f41f\u003c/code\u003e\u003c/a\u003e chore(release): v1.15.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/d166186ed63de5a21fa4bb0aede4f4574994a3b5\"\u003e\u003ccode\u003ed166186\u003c/code\u003e\u003c/a\u003e chore: update cookie-es\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/4998dd8de60ddd6a182948e543143eaa56927399\"\u003e\u003ccode\u003e4998dd8\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/612548586357cbf0bad27bcb1b1615f4c40b1560\"\u003e\u003ccode\u003e6125485\u003c/code\u003e\u003c/a\u003e chore: update defu to 6.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/b72bb57060cf68e627575e0c350742f4fa8206fa\"\u003e\u003ccode\u003eb72bb57\u003c/code\u003e\u003c/a\u003e chore(release): v1.15.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/d8ef318fa9ce086036588443d683f97f9bb9faf8\"\u003e\u003ccode\u003ed8ef318\u003c/code\u003e\u003c/a\u003e remove resolutions for h3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/26fec6ff549e646bef284b8df4e267ddb8fc0b67\"\u003e\u003ccode\u003e26fec6f\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/51ca9b3750a2a1426257c96e5a81001e3ec3bb42\"\u003e\u003ccode\u003e51ca9b3\u003c/code\u003e\u003c/a\u003e fix: preserve percent-encoded req.url in app event handler (\u003ca href=\"https://redirect.github.com/h3js/h3/issues/1355\"\u003e#1355\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/4e8d43a7703d0d5c8bbc09748db1d8b9f3c51b42\"\u003e\u003ccode\u003e4e8d43a\u003c/code\u003e\u003c/a\u003e chore(release): v1.15.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/23045df515a67f00182b5f7ca126cbec40efda4d\"\u003e\u003ccode\u003e23045df\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/h3js/h3/compare/v1.13.0...v1.15.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `markdown-it` from 14.1.0 to 14.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md\"\u003emarkdown-it's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[14.1.1] - 2026-01-11\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression from v13 in linkify inline rule. Specific patterns could\ncause high CPU use. Thanks to \u003ca href=\"https://github.com/ltduc147\"\u003e\u003ccode\u003e@​ltduc147\u003c/code\u003e\u003c/a\u003e for report.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/b4a9b659ef5734223731cfaa3ad5eacc6fc22918\"\u003e\u003ccode\u003eb4a9b65\u003c/code\u003e\u003c/a\u003e 14.1.1 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/4b4bbcae5e0990a5b172378e507b33a59012ed26\"\u003e\u003ccode\u003e4b4bbca\u003c/code\u003e\u003c/a\u003e Fixed perf regression in linkify-it wrapper\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/d2782d892a51201b25d3eeab172201ad5a53a24c\"\u003e\u003ccode\u003ed2782d8\u003c/code\u003e\u003c/a\u003e Add supplementary example-driven documentation (\u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1092\"\u003e#1092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/markdown-it/markdown-it/compare/14.1.0...14.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` f...\n\n_Description has been truncated_","html_url":"https://github.com/thirdweb-dev/engine/pull/941","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/thirdweb-dev%2Fengine/issues/941","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/941/packages"}],"issue_packages":[{"old_version":"1.13.6","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-30T09:48:40.000Z","version_change":"1.13.6 → 1.13.8","issue":{"uuid":"4554029869","node_id":"PR_kwDOP78JWM7g7O4V","number":1,"state":"open","title":"Build(deps): Bump the npm_and_yarn group across 1 directory with 27 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T09:48:40.000Z","updated_at":"2026-05-30T09:51:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Build(deps): Bump","group_name":"npm_and_yarn","update_count":27,"packages":[{"name":"axios","old_version":"1.7.2","new_version":"1.16.0","repository_url":"https://github.com/axios/axios"},{"name":"dompurify","old_version":"3.1.6","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"uuid","old_version":"9.0.1","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"storybook","old_version":"9.1.4","new_version":"9.1.20","repository_url":"https://github.com/storybookjs/storybook"},{"name":"@tootallnate/once","old_version":"2.0.0","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"0.1.7","new_version":"2.4.0","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"bn.js","old_version":"5.2.1","new_version":"5.2.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"bn.js","old_version":"4.12.0","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"svgo","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/svg/svgo"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"rollup","old_version":"3.29.4","new_version":"3.30.0","repository_url":"https://github.com/rollup/rollup"},{"name":"immutable","old_version":"4.3.6","new_version":"4.3.8","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"js-cookie","old_version":"2.2.1","new_version":"3.0.8","repository_url":"https://github.com/js-cookie/js-cookie"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"pbkdf2","old_version":"3.1.2","new_version":"3.1.6","repository_url":"https://github.com/browserify/pbkdf2"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"serialize-javascript","old_version":"6.0.2","new_version":"removed","repository_url":"https://github.com/yahoo/serialize-javascript"},{"name":"underscore","old_version":"1.13.6","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"webpack","old_version":"5.89.0","new_version":"5.107.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 25 updates in the /web directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.7.2` | `1.16.0` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.1.6` | `3.4.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `9.1.4` | `9.1.20` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `2.4.0` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [bn.js](https://github.com/indutny/bn.js) | `5.2.1` | `5.2.3` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.12.0` | `4.12.3` |\n| [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [rollup](https://github.com/rollup/rollup) | `3.29.4` | `3.30.0` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.3.6` | `4.3.8` |\n| [js-cookie](https://github.com/js-cookie/js-cookie) | `2.2.1` | `3.0.8` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.2` | `3.1.6` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `removed` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.6` | `1.13.8` |\n| [webpack](https://github.com/webpack/webpack) | `5.89.0` | `5.107.2` |\n\n\nUpdates `axios` from 1.7.2 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc\"\u003e\u003ccode\u003edf53d7d\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e\"\u003e\u003ccode\u003e9d92bcd\u003c/code\u003e\u003c/a\u003e fix: gadgets and smaller issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435\"\u003e\u003ccode\u003e5107ee6\u003c/code\u003e\u003c/a\u003e fix: prevent undefined error codes in settle (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8\"\u003e\u003ccode\u003ee573499\u003c/code\u003e\u003c/a\u003e fix(fetch): defer global access in fetch adapter (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3\"\u003e\u003ccode\u003ead68e1a\u003c/code\u003e\u003c/a\u003e fix(http): honor timeout during connect without redirects (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d\"\u003e\u003ccode\u003e2a51828\u003c/code\u003e\u003c/a\u003e fix(http): decode URL basic auth credentials (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1\"\u003e\u003ccode\u003e0e8b6bb\u003c/code\u003e\u003c/a\u003e fix(http): preserve user-supplied Host header when forwarding through a proxy...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b\"\u003e\u003ccode\u003e79f39e1\u003c/code\u003e\u003c/a\u003e docs: document paramsSerializer.encode for strict RFC 3986 query encoding (\u003ca href=\"https://redirect.github.com/axios/axios/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e\"\u003e\u003ccode\u003e0fe3a5f\u003c/code\u003e\u003c/a\u003e [Docs/Types] Update \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions for ES2023 and add ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d\"\u003e\u003ccode\u003ecd6737f\u003c/code\u003e\u003c/a\u003e chore: matches the sibling responseStream.on(aborted) handler and added tests...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.2...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.1.6 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution issue when working with custom elements, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a lenient config parsing in \u003ccode\u003e_isValidAttribute\u003c/code\u003e, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped and removed several dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the test suite after bumping dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003eADD_FORBID_CONTENTS\u003c/code\u003e setting to extend default list, thanks \u003ca href=\"https://github.com/MariusRumpf\"\u003e\u003ccode\u003e@​MariusRumpf\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated the ESM import syntax to be more correct, thanks \u003ca href=\"https://github.com/binhpv\"\u003e\u003ccode\u003e@​binhpv\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the SVG \u003ccode\u003emask-type\u003c/code\u003e attribute to default allow-list, thanks \u003ca href=\"https://github.com/prasadrajandran\"\u003e\u003ccode\u003e@​prasadrajandran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded support for \u003ccode\u003eADD_ATTR\u003c/code\u003e and \u003ccode\u003eADD_TAGS\u003c/code\u003e to accept functions, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with the \u003ccode\u003eslot\u003c/code\u003e element being in both SVG and HTML allow-list, thanks \u003ca href=\"https://github.com/Wim-Valgaeren\"\u003e\u003ccode\u003e@​Wim-Valgaeren\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.2.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded new attributes and elements to default allow-list, thanks \u003ca href=\"https://github.com/elrion018\"\u003e\u003ccode\u003e@​elrion018\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003etagName\u003c/code\u003e parameter to custom element \u003ccode\u003eattributeNameCheck\u003c/code\u003e, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded better check for animated \u003ccode\u003ehref\u003c/code\u003e attributes, thanks \u003ca href=\"https://github.com/llamakko\"\u003e\u003ccode\u003e@​llamakko\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated and improved the bundled types, thanks \u003ca href=\"https://github.com/ssi02014\"\u003e\u003ccode\u003e@​ssi02014\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated several tests to better align with new browser encoding behaviors\u003c/li\u003e\n\u003cli\u003eImproved the handling of potentially risky content inside CDATA elements, thanks \u003ca href=\"https://github.com/securityMB\"\u003e\u003ccode\u003e@​securityMB\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/terjanq\"\u003e\u003ccode\u003e@​terjanq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved the regular expression for raw-text elements to cover textareas, thanks \u003ca href=\"https://github.com/securityMB\"\u003e\u003ccode\u003e@​securityMB\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/terjanq\"\u003e\u003ccode\u003e@​terjanq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.2.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.1.6...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 9.0.1 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v9.0.1...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.6 to 8.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed declaration parsing performance (by \u003ca href=\"https://github.com/homanp\"\u003e\u003ccode\u003e@​homanp\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d\"\u003e\u003ccode\u003eeae46db\u003c/code\u003e\u003c/a\u003e Release 8.5.15 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4\"\u003e\u003ccode\u003e79508ff\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb\"\u003e\u003ccode\u003eb128e21\u003c/code\u003e\u003c/a\u003e Speed up declaration parsing by avoiding creating new array on each token\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9\"\u003e\u003ccode\u003e9825dca\u003c/code\u003e\u003c/a\u003e Fix code format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307\"\u003e\u003ccode\u003e55789c8\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95\"\u003e\u003ccode\u003e84fbbe9\u003c/code\u003e\u003c/a\u003e Install older pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb\"\u003e\u003ccode\u003e9f860bd\u003c/code\u003e\u003c/a\u003e Revert pnpm action for old Node.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6\"\u003e\u003ccode\u003e0877198\u003c/code\u003e\u003c/a\u003e Update CI actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582\"\u003e\u003ccode\u003eb2d1a33\u003c/code\u003e\u003c/a\u003e Fix linter warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267\"\u003e\u003ccode\u003e0700dac\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2088\"\u003e#2088\u003c/a\u003e from rootvector2/add-oss-fuzz-harness\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.6...8.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `storybook` from 9.1.4 to 9.1.20\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/releases\"\u003estorybook's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.1.20\u003c/h2\u003e\n\u003ch2\u003e9.1.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd request validation\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev9.1.19\u003c/h2\u003e\n\u003ch2\u003e9.1.19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden websocket connection\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev9.1.18\u003c/h2\u003e\n\u003ch2\u003e9.1.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo-op release. No changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/storybookjs/storybook/blob/v9.1.20/CHANGELOG.md\"\u003estorybook's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e9.1.20\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd request validation\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHarden websocket connection\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.18\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo-op release. No changes.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.16\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCLI: Fix Nextjs project creation in empty directories - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32828\"\u003e#32828\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCore: Add \u003ccode\u003eexperimental_devServer\u003c/code\u003e preset - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32862\"\u003e#32862\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eTelemetry: Fix preview-first-load event - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32859\"\u003e#32859\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCore: Add \u003ccode\u003epreview-first-load\u003c/code\u003e telemetry - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32770\"\u003e#32770\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eDependencies: Update \u003ccode\u003evite-plugin-storybook-nextjs\u003c/code\u003e - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32821\"\u003e#32821\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNextJS: Add NextJS 16 support - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32791\"\u003e#32791\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eAddon-Vitest: Support Vitest 4 - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32819\"\u003e#32819\u003c/a\u003e, thanks \u003ca href=\"https://github.com/yannbf\"\u003e\u003ccode\u003e@​yannbf\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eCSF: Fix \u003ccode\u003eplay-fn\u003c/code\u003e tag for methods - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32695\"\u003e#32695\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNextjs: Fix config access for Vite - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32759\"\u003e#32759\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMaintenance: Hotfix for missing nextjs dts files, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAutomigration: Improve the viewport/backgrounds automigration - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32619\"\u003e#32619\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eMocking: Fix \u003ccode\u003esb.mock\u003c/code\u003e usage in Storybook's deployed in subpaths - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32678\"\u003e#32678\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eNextJS-Vite: Automatically fix bad PostCSS configuration - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32691\"\u003e#32691\u003c/a\u003e, thanks \u003ca href=\"https://github.com/ndelangen\"\u003e\u003ccode\u003e@​ndelangen\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eReact Native Web: Fix REACT_NATIVE_AND_RNW should detect vite builder - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32718\"\u003e#32718\u003c/a\u003e, thanks \u003ca href=\"https://github.com/dannyhw\"\u003e\u003ccode\u003e@​dannyhw\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eTelemetry: Add metadata for react routers - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32615\"\u003e#32615\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.1.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAutomigrations: Add automigration for viewport and backgrounds - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/31614\"\u003e#31614\u003c/a\u003e, thanks \u003ca href=\"https://github.com/valentinpalkovic\"\u003e\u003ccode\u003e@​valentinpalkovic\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eTelemetry: Log userAgent in onboarding - \u003ca href=\"https://redirect.github.com/storybookjs/storybook/pull/32566\"\u003e#32566\u003c/a\u003e, thanks \u003ca href=\"https://github.com/shilman\"\u003e\u003ccode\u003e@​shilman\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/f4eff4835ee6076bddf2fa2c8af680afebfaba0e\"\u003e\u003ccode\u003ef4eff48\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;9.1.19\u0026quot; to \u0026quot;9.1.20\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/046ce4d35020916e996521e04c18abfdf1052eaa\"\u003e\u003ccode\u003e046ce4d\u003c/code\u003e\u003c/a\u003e Formatting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/98e74eb845a2f7f4d6a65d719284bc0a459395d6\"\u003e\u003ccode\u003e98e74eb\u003c/code\u003e\u003c/a\u003e Clarify hostname validation for HTTP requests and WebSocket connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/5f27e882807b4816fba5d30490232706dc8354e7\"\u003e\u003ccode\u003e5f27e88\u003c/code\u003e\u003c/a\u003e Core: Backport origin/host validation and update related configurations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/20887f19d26d1f6e74712eeec4812f325031420b\"\u003e\u003ccode\u003e20887f1\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;9.1.18\u0026quot; to \u0026quot;9.1.19\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/66b2d8e30b1c235c198b8de0696755a13a72ceae\"\u003e\u003ccode\u003e66b2d8e\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/31f16c4cd46f9435e1558204cdccb6bf6b880c7f\"\u003e\u003ccode\u003e31f16c4\u003c/code\u003e\u003c/a\u003e fix linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/62dd25b508d3b8cd771cfadcac9a9f41881c0e11\"\u003e\u003ccode\u003e62dd25b\u003c/code\u003e\u003c/a\u003e Core: Require token for websocket connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/bbe61e351b4b45cd17c7d8005e48e4cab60a0315\"\u003e\u003ccode\u003ebbe61e3\u003c/code\u003e\u003c/a\u003e Bump version from \u0026quot;9.1.17\u0026quot; to \u0026quot;9.1.18\u0026quot; [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/storybookjs/storybook/commit/d0d5a3d645df3493ad935e321d1ef101679cfc2e\"\u003e\u003ccode\u003ed0d5a3d\u003c/code\u003e\u003c/a\u003e Bump version from 9.1.16 to 9.1.17 MANUALLY\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/storybookjs/storybook/commits/v9.1.20/code/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for storybook since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 2.0.0 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n...\n\n_Description has been truncated_\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate web dependencies to pick up security fixes, reliability improvements, and build hardening. Highlights include `axios` 1.16, `dompurify` 3.4, `lodash` 4.18, `uuid` 14, `postcss` 8.5, `storybook` 9.1, and removal of `serialize-javascript`.\n\n- **Dependencies**\n  - Security/bug fixes: `dompurify` 3.4.0, `lodash` 4.18.1, `postcss` 8.5.15, `storybook` 9.1.20.\n  - HTTP client: `axios` 1.16.0 enforces body/content limits and fixes redirects/headers.\n  - Breaking: `uuid` 14.0.0 expects global `crypto` and requires Node 20+; adds buffer bounds checks.\n  - Tooling: `webpack` 5.107.2, `terser-webpack-plugin` 5.6.1; removed `serialize-javascript`.\n  - App libs: `@antv/g2` 5.4.8, `ahooks` 3.9.7, plus assorted patch updates.\n\n- **Migration**\n  - Use Node 20+ locally and in CI for web builds and Storybook.\n  - If `uuid` runs in Node/SSR, ensure the environment provides global `crypto`; in browsers, verify `window.crypto` is available.\n  - Remove any direct `serialize-javascript` imports if present and reinstall dependencies.\n  - If you have custom Storybook networking/proxy settings, verify the preview connects after the websocket/request validation changes.\n\n\u003csup\u003eWritten for commit e748ef93c31e7903500a6c7e83e7506c6e3c020e. Summary will update on new commits.\u003c/sup\u003e\n\n\u003ca href=\"https://cubic.dev/pr/EmilynnJ/ragflow/pull/1?utm_source=github\" target=\"_blank\" rel=\"noopener noreferrer\" data-no-image-dialog=\"true\"\u003e\u003cpicture\u003e\u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://cubic.dev/buttons/review-in-cubic-light.svg\"\u003e\u003cimg alt=\"Review in cubic\" src=\"https://cubic.dev/buttons/review-in-cubic-dark.svg\"\u003e\u003c/picture\u003e\u003c/a\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n\n\n\u003c!-- Macroscope's pull request summary starts here --\u003e\n\u003c!-- Macroscope will only edit the content between these invisible markers, and the markers themselves will not be visible in the GitHub rendered markdown. --\u003e\n\u003c!-- If you delete either of the start / end markers from your PR's description, Macroscope will append its summary at the bottom of the description. --\u003e\n\u003e [!NOTE]\n\u003e ### Bump 27 npm dependencies in web package\n\u003e Updates dependencies in [package.json](https://github.com/EmilynnJ/ragflow/pull/1/files#diff-b861012a5dd72b8a9f3281b7cf09f5a779c98569d040b1bbc1db50f1b15e7cce), including major version bumps to `uuid` (9→14) and `axios` (1.6→1.16), plus minor/patch updates to `@antv/g2`, `ahooks`, `dompurify`, `lodash`, `postcss`, `storybook`, and `terser-webpack-plugin`.\n\u003e\n\u003e - Risk: `uuid` v14 and `axios` v1.16 may include breaking API changes that could affect runtime behavior.\n\u003e\n\u003e \u003c!-- Macroscope's review summary starts here --\u003e\n\u003e\n\u003e \u003csup\u003e\u003ca href=\"https://app.macroscope.com\"\u003eMacroscope\u003c/a\u003e summarized e748ef9.\u003c/sup\u003e\n\u003e \u003c!-- Macroscope's review summary ends here --\u003e\n\u003e\n\u003c!-- macroscope-ui-refresh --\u003e\n\u003c!-- Macroscope's pull request summary ends here --\u003e","html_url":"https://github.com/EmilynnJ/ragflow/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/EmilynnJ%2Fragflow/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"1.13.2","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-29T23:48:40.000Z","version_change":"1.13.2 → 1.13.8","issue":{"uuid":"4552302770","node_id":"PR_kwDOR9nArM7g1yCr","number":5,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 17 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-29T23:48:40.000Z","updated_at":"2026-05-29T23:49:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":17,"packages":[{"name":"turbo","old_version":"2.5.2","new_version":"2.9.14","repository_url":"https://github.com/vercel/turborepo"},{"name":"vite","old_version":"6.3.4","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"svelte","old_version":"4.2.19","new_version":"5.55.7","repository_url":"https://github.com/sveltejs/svelte"},{"name":"ws","old_version":"8.17.1","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"webpack-dev-server","old_version":"5.2.2","new_version":"5.2.4","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"next","old_version":"15.4.0","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.22.5","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.3","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.6","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.6","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"tar","old_version":"7.4.3","new_version":"7.5.15","repository_url":"https://github.com/isaacs/node-tar"},{"name":"underscore","old_version":"1.13.2","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [turbo](https://github.com/vercel/turborepo) | `2.5.2` | `2.9.14` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.3.4` | `6.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) | `4.2.19` | `5.55.7` |\n| [ws](https://github.com/websockets/ws) | `8.17.1` | `8.20.1` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `5.2.2` | `5.2.4` |\n| [next](https://github.com/vercel/next.js) | `15.4.0` | `15.5.18` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.22.5` | `7.29.7` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.15` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.3` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.6` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.6` | `4.7.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.15` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.2` | `1.13.8` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n\n\nUpdates `turbo` from 2.5.2 to 2.9.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/turborepo/releases\"\u003eturbo's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTurborepo v2.9.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release contains important security fixes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eHigh:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-5xc8-49mv-x4mm\"\u003eGHSA-5xc8-49mv-x4mm: Turborepo VSCode Extension command injection\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eLow:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-hcf7-66rw-9f5r\"\u003eGHSA-hcf7-66rw-9f5r: Login callback CSRF/session fixation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/security/advisories/GHSA-3qcw-2rhx-2726\"\u003eGHSA-3qcw-2rhx-2726: Unexpected local code execution during Yarn Berry detection\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erelease(turborepo): 2.9.12 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12774\"\u003evercel/turborepo#12774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Restore docs mobile menu by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12782\"\u003evercel/turborepo#12782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12787\"\u003evercel/turborepo#12787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Scope GitHub Actions caches by branch by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12788\"\u003evercel/turborepo#12788\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: Validate lockfiles without dependency downloads by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12789\"\u003evercel/turborepo#12789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unneeded import form hash creation script in docs by \u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Validate auth callback state by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12802\"\u003evercel/turborepo#12802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Harden VS Code extension command execution by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12800\"\u003evercel/turborepo#12800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Avoid project-local Yarn during detection by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12801\"\u003evercel/turborepo#12801\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Release 2.9.13 by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12803\"\u003evercel/turborepo#12803\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/vercel/turborepo/compare/v2.9.12...v2.9.14\"\u003ehttps://github.com/vercel/turborepo/compare/v2.9.12...v2.9.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eTurborepo v2.9.13-canary.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erelease(turborepo): 2.9.11-canary.7 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12768\"\u003evercel/turborepo#12768\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow \u003ccode\u003e$TURBO_EXTENDS$\u003c/code\u003e in LSP diagnostics by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12770\"\u003evercel/turborepo#12770\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(turborepo): 2.9.11 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12771\"\u003evercel/turborepo#12771\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Allow transit nodes in LSP diagnostics by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12773\"\u003evercel/turborepo#12773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erelease(turborepo): 2.9.12 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12774\"\u003evercel/turborepo#12774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Restore docs mobile menu by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12782\"\u003evercel/turborepo#12782\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12787\"\u003evercel/turborepo#12787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: Scope GitHub Actions caches by branch by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12788\"\u003evercel/turborepo#12788\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: Validate lockfiles without dependency downloads by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12789\"\u003evercel/turborepo#12789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved unneeded import form hash creation script in docs by \u003ca href=\"https://github.com/dancrumb\"\u003e\u003ccode\u003e@​dancrumb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12799\"\u003evercel/turborepo#12799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Validate auth callback state by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12802\"\u003evercel/turborepo#12802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Harden VS Code extension command execution by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12800\"\u003evercel/turborepo#12800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Avoid project-local Yarn during detection by \u003ca href=\"https://github.com/anthonyshew\"\u003e\u003ccode\u003e@​anthonyshew\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vercel/turborepo/pull/12801\"\u003evercel/turborepo#12801\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/fc62fe0d9c347d1d24f0ed8946284856593ddb93\"\u003e\u003ccode\u003efc62fe0\u003c/code\u003e\u003c/a\u003e publish 2.9.14 to registry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/fb8c9aec0f9e83f95783659a5ce9c4478cf62cb9\"\u003e\u003ccode\u003efb8c9ae\u003c/code\u003e\u003c/a\u003e chore: Release 2.9.13 (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12803\"\u003e#12803\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/e8e629da4e1fb75231089e91b19be9d327a3e649\"\u003e\u003ccode\u003ee8e629d\u003c/code\u003e\u003c/a\u003e fix: Avoid project-local Yarn during detection (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12801\"\u003e#12801\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/91c90cbf12f524c5c29b713d6472dd5fcdecb309\"\u003e\u003ccode\u003e91c90cb\u003c/code\u003e\u003c/a\u003e fix: Harden VS Code extension command execution (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12800\"\u003e#12800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/84f450894e87da1eed864d51f6f637f26980d560\"\u003e\u003ccode\u003e84f4508\u003c/code\u003e\u003c/a\u003e fix: Validate auth callback state (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12802\"\u003e#12802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/1779ad7901384f106236a6e196059e4929745514\"\u003e\u003ccode\u003e1779ad7\u003c/code\u003e\u003c/a\u003e Removed unneeded import form hash creation script in docs (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12799\"\u003e#12799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/71f8c90a807ffb9b9876ea8a04f523f473bf5c8d\"\u003e\u003ccode\u003e71f8c90\u003c/code\u003e\u003c/a\u003e test: Validate lockfiles without dependency downloads (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12789\"\u003e#12789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/5fcb96024d503127bb0ed760ebe159b7716c52b3\"\u003e\u003ccode\u003e5fcb960\u003c/code\u003e\u003c/a\u003e ci: Scope GitHub Actions caches by branch (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12788\"\u003e#12788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/4cf9fabc9a6f6c99fe4e2f2da9f35be631be062a\"\u003e\u003ccode\u003e4cf9fab\u003c/code\u003e\u003c/a\u003e ci: Use \u003ccode\u003epull_request\u003c/code\u003e for PR title linting (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12787\"\u003e#12787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/turborepo/commit/859c629bc401f239ac7980a132746ca90478e17c\"\u003e\u003ccode\u003e859c629\u003c/code\u003e\u003c/a\u003e fix: Restore docs mobile menu (\u003ca href=\"https://redirect.github.com/vercel/turborepo/issues/12782\"\u003e#12782\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/turborepo/compare/v2.5.2...v2.9.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for turbo since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 6.3.4 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `svelte` from 4.2.19 to 5.55.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/releases\"\u003esvelte's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esvelte@5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esvelte@5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: abort running obsolete async branches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18118\"\u003e#18118\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md\"\u003esvelte's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.55.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: prevent XSS on \u003ccode\u003ehydratable\u003c/code\u003e from user contents (\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc67bbcf8f708360195687e1b2719463e1a4\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: bump devalue (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18219\"\u003e#18219\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: disallow empty attribute names during SSR (\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e2406a2147ad7fb5ffeba95b01bd9642da\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: harden regex (\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2ebcab5c88feb5652f1a9d621b8f06b259\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: move Svelte runtime properties to symbols (\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd96441e82c9eb8a23a2903c0d06d3cda991\u003c/code\u003e\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.55.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003efix: leave stale promises to wait for a later resolution, instead of rejecting (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18180\"\u003e#18180\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: keep dependencies of \u003ccode\u003e$state.eager/pending\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18218\"\u003e#18218\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reapply context after transforming error during SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18099\"\u003e#18099\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: don't rebase just-created batches (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18117\"\u003e#18117\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: allow \u003ccode\u003enull\u003c/code\u003e for \u003ccode\u003epending\u003c/code\u003e in typings (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18201\"\u003e#18201\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: flush eager effects in production (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18107\"\u003e#18107\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: rethrow error of failed iterable after calling \u003ccode\u003ereturn()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18169\"\u003e#18169\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: account for proxified instance when updating \u003ccode\u003ebind:this\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18147\"\u003e#18147\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: ensure scheduled batch is flushed if not obsolete (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18131\"\u003e#18131\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: resolve stale deriveds with latest value (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18167\"\u003e#18167\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003echore: remove unnecessary \u003ccode\u003eincrement_pending\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18183\"\u003e#18183\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: correctly compile component member expressions for SSR (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18192\"\u003e#18192\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: reset \u003ccode\u003esource.updated\u003c/code\u003e stack traces after \u003ccode\u003eflush\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18196\"\u003e#18196\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: replacing async 'blocking' strategy with 'merging' (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18205\"\u003e#18205\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: allow \u003ccode\u003e@debug\u003c/code\u003e tags to reference awaited variables (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18138\"\u003e#18138\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003efix: re-run fallback props if dependencies update (\u003ca href=\"https://redirect.github.com/sveltejs/svelte/pull/18146\"\u003e#18146\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/4d8f99a2709e3c02e48d8bc6c77458f4ba49d0e3\"\u003e\u003ccode\u003e4d8f99a\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18220\"\u003e#18220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/05523088173e10af0753877af6936088de924833\"\u003e\u003ccode\u003e0552308\u003c/code\u003e\u003c/a\u003e chore: bump devalue (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18219\"\u003e#18219\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/e1cbbd96441e82c9eb8a23a2903c0d06d3cda991\"\u003e\u003ccode\u003ee1cbbd9\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4\"\u003e\u003ccode\u003ea16ebc6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/d2375e2ebcab5c88feb5652f1a9d621b8f06b259\"\u003e\u003ccode\u003ed2375e2\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/547853e2406a2147ad7fb5ffeba95b01bd9642da\"\u003e\u003ccode\u003e547853e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/55f9c85c09d625c3dd80c71ce7542f57386fafb4\"\u003e\u003ccode\u003e55f9c85\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18158\"\u003e#18158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/a10e8e47a5946623a60a1e36b9023c23926eae87\"\u003e\u003ccode\u003ea10e8e4\u003c/code\u003e\u003c/a\u003e fix: keep dependencies of \u003ccode\u003e$state.eager\u003c/code\u003e/\u003ccode\u003epending\u003c/code\u003e (alternative approach) (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/ef4b97dfabfd7a23b27933e18f7393587c343d66\"\u003e\u003ccode\u003eef4b97d\u003c/code\u003e\u003c/a\u003e fix: duplicated \u0026quot;of\u0026quot; in events.js comment (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18217\"\u003e#18217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sveltejs/svelte/commit/5122936edb3c14e9a602e579727479b49cbd3239\"\u003e\u003ccode\u003e5122936\u003c/code\u003e\u003c/a\u003e fix: treat batches as a linked list (\u003ca href=\"https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte/issues/18205\"\u003e#18205\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sveltejs/svelte/commits/svelte@5.55.7/packages/svelte\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for svelte since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.17.1 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.19.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecloseTimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/websockets/ws/issues/2308\"\u003e#2308\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eHandled a forthcoming breaking change in Node.js core (19984854).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.17.1...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack-dev-server` from 5.2.2 to 5.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/releases\"\u003ewebpack-dev-server's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.4\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.2.3\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md\"\u003ewebpack-dev-server's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.3...v5.2.4\"\u003e5.2.4\u003c/a\u003e (2026-05-11)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eset Cross-Origin-Resource-Policy header to prevent source code theft over HTTP\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.3\"\u003e5.2.3\u003c/a\u003e (2026-01-12)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003ecause\u003c/code\u003e for \u003ccode\u003eerrorObject\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5518\"\u003e#5518\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/37b033da2c48335178495a1987c469a26ef3de60\"\u003e37b033d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecompatibility with event target and universal target and lazy compilation  (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/574026c44b9c51f0bbd2f5a2836c54607289a071\"\u003e574026c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eoverlay:\u003c/strong\u003e add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003ef91baa8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eprogress indicator styles (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5557\"\u003e#5557\u003c/a\u003e) (\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/41a53a1accdb0a90785d82cbe8a079794eeed3c8\"\u003e41a53a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade selfsigned to v5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/fd401308f1cc026262880e2dab810004d6444282\"\u003e\u003ccode\u003efd40130\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/ece4f3617bea31fb6d3833f69a32b6c289959a49\"\u003e\u003ccode\u003eece4f36\u003c/code\u003e\u003c/a\u003e chore: update deps (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5661\"\u003e#5661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/a2161442a314a06a97e25d1404d08410cb4e9c51\"\u003e\u003ccode\u003ea216144\u003c/code\u003e\u003c/a\u003e ci: fix test (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5658\"\u003e#5658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/df073c53a8cefb54210b43813fa6ee60364a554e\"\u003e\u003ccode\u003edf073c5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/b550a702bd4246d1724513b70de0bfbe6604672f\"\u003e\u003ccode\u003eb550a70\u003c/code\u003e\u003c/a\u003e chore(release): 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/9704dc52e3f696ae1446428c25882745e9b65cbb\"\u003e\u003ccode\u003e9704dc5\u003c/code\u003e\u003c/a\u003e chore: upgrade selfsigned to v5 and remove node-forge dependency (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5618\"\u003e#5618\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/92bf644784741e8ea5adaa4a1dc26f4d462f223d\"\u003e\u003ccode\u003e92bf644\u003c/code\u003e\u003c/a\u003e chore: bump express to update qs (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5621\"\u003e#5621\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/792b2f0bd13a3b93abf701fe3a5cf41ee16722f4\"\u003e\u003ccode\u003e792b2f0\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5606\"\u003e#5606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/6d587cab3e023675de2feedf81bcdfcec7d5b774\"\u003e\u003ccode\u003e6d587ca\u003c/code\u003e\u003c/a\u003e chore(deps): bump the dependencies group across 1 directory with 27 updates (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack-dev-server/commit/f91baa8831e061e2998849966b8002b40b83fb07\"\u003e\u003ccode\u003ef91baa8\u003c/code\u003e\u003c/a\u003e fix(overlay): add ESC key to dismiss overlay (\u003ca href=\"https://redirect.github.com/webpack/webpack-dev-server/issues/5598\"\u003e#5598\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack-dev-server/compare/v5.2.2...v5.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 15.4.0 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.4.0...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.22.5 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.3 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore sc...\n\n_Description has been truncated_","html_url":"https://github.com/Dct555/graphiql/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dct555%2Fgraphiql/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"1.13.7","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-26T00:38:16.000Z","version_change":"1.13.7 → 1.13.8","issue":{"uuid":"4520368286","node_id":"PR_kwDOPH88z87fNooW","number":1,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 18 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-26T00:38:16.000Z","updated_at":"2026-05-26T03:04:30.103Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":18,"packages":[{"name":"@modelcontextprotocol/sdk","old_version":"1.13.1","new_version":"1.29.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"agents","old_version":"0.0.100","new_version":"0.3.10","repository_url":"https://github.com/cloudflare/agents"},{"name":"wrangler","old_version":"4.24.3","new_version":"4.94.0","repository_url":"https://github.com/cloudflare/workers-sdk"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"markdown-it","old_version":"14.1.0","new_version":"14.2.0","repository_url":"https://github.com/markdown-it/markdown-it"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"postcss","old_version":"8.5.6","new_version":"8.5.15","repository_url":"https://github.com/postcss/postcss"},{"name":"rollup","old_version":"4.44.2","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"},{"name":"tmp","old_version":"0.2.3","new_version":"0.2.5","repository_url":"https://github.com/raszi/node-tmp"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"vite","old_version":"7.0.4","new_version":"7.3.3","repository_url":"https://github.com/vitejs/vite"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 12 updates in the /use-cases/mcp-server directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.13.1` | `1.29.0` |\n| [agents](https://github.com/cloudflare/agents/tree/HEAD/packages/agents) | `0.0.100` | `0.3.10` |\n| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.24.3` | `4.94.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `14.2.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` |\n| [rollup](https://github.com/rollup/rollup) | `4.44.2` | `4.60.4` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.5` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.0.4` | `7.3.3` |\n\n\nUpdates `@modelcontextprotocol/sdk` from 1.13.1 to 1.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.29.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1749\"\u003emodelcontextprotocol/typescript-sdk#1749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: disallow null (infinite) requested TTL by \u003ca href=\"https://github.com/LucaButBoring\"\u003e\u003ccode\u003e@​LucaButBoring\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1339\"\u003emodelcontextprotocol/typescript-sdk#1339\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x] fix: add missing size field to ResourceSchema by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1575\"\u003emodelcontextprotocol/typescript-sdk#1575\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typings exports by \u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x npm audit fix by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1780\"\u003emodelcontextprotocol/typescript-sdk#1780\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1773\"\u003emodelcontextprotocol/typescript-sdk#1773\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Allow servers / clients to advertise extensions in the capability object by \u003ca href=\"https://github.com/localden\"\u003e\u003ccode\u003e@​localden\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1811\"\u003emodelcontextprotocol/typescript-sdk#1811\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(stdio): always set windowsHide on Windows, not just in Electron by \u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.29.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1820\"\u003emodelcontextprotocol/typescript-sdk#1820\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tdraier\"\u003e\u003ccode\u003e@​tdraier\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1623\"\u003emodelcontextprotocol/typescript-sdk#1623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jnMetaCode\"\u003e\u003ccode\u003e@​jnMetaCode\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1640\"\u003emodelcontextprotocol/typescript-sdk#1640\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.28.0...v1.29.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.28.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use scopes_supported from resource metadata by default (fixes \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/580\"\u003e#580\u003c/a\u003e) by \u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[v1.x backport] Default to client_secret_basic when server omits token_endpoint_auth_methods_supported by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1611\"\u003emodelcontextprotocol/typescript-sdk#1611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: reject plain JSON Schema objects passed as inputSchema by \u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: clear _timeoutInfo in _onclose() and scope .finally() abort controller cleanup by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1462\"\u003emodelcontextprotocol/typescript-sdk#1462\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(server/auth): RFC 8252 loopback port relaxation by \u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.28.0 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1746\"\u003emodelcontextprotocol/typescript-sdk#1746\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antogyn\"\u003e\u003ccode\u003e@​antogyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/757\"\u003emodelcontextprotocol/typescript-sdk#757\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tiluckdave\"\u003e\u003ccode\u003e@​tiluckdave\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1596\"\u003emodelcontextprotocol/typescript-sdk#1596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/poteat\"\u003e\u003ccode\u003e@​poteat\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1738\"\u003emodelcontextprotocol/typescript-sdk#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.1...v1.28.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: implement auth/pre-registration conformance scenario by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1545\"\u003emodelcontextprotocol/typescript-sdk#1545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add governance documentation for SEP-1730 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1547\"\u003emodelcontextprotocol/typescript-sdk#1547\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: comprehensive feature documentation for SEP-1730 Tier 1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1548\"\u003emodelcontextprotocol/typescript-sdk#1548\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent command injection in example URL opening (v1.x backport) by \u003ca href=\"https://github.com/maxisbey\"\u003e\u003ccode\u003e@​maxisbey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1579\"\u003emodelcontextprotocol/typescript-sdk#1579\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: call onerror for silently swallowed transport errors by \u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.27.1 by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1581\"\u003emodelcontextprotocol/typescript-sdk#1581\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qing-ant\"\u003e\u003ccode\u003e@​qing-ant\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1580\"\u003emodelcontextprotocol/typescript-sdk#1580\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.27.0...v1.27.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.27.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/e12cbd7078db388152f6e839abdbe09ba01f3f32\"\u003e\u003ccode\u003ee12cbd7\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.29.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1820\"\u003e#1820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/3913fd4443a86536155e3ebef9edd2045c372c1e\"\u003e\u003ccode\u003e3913fd4\u003c/code\u003e\u003c/a\u003e fix(stdio): always set windowsHide on Windows, not just in Electron (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1640\"\u003e#1640\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/5608e78dd0d4ca6cd7dd03278419578f1780365a\"\u003e\u003ccode\u003e5608e78\u003c/code\u003e\u003c/a\u003e [v1.x backport] Allow servers / clients to advertise extensions in the capabi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/7213816788e634ffb9d09affe50f0295093bfb73\"\u003e\u003ccode\u003e7213816\u003c/code\u003e\u003c/a\u003e v1.x \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e follow up -add missing types to package.json (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1773\"\u003e#1773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/364f38ca2d8895aed7c37b7a0a1031bb7ae4841c\"\u003e\u003ccode\u003e364f38c\u003c/code\u003e\u003c/a\u003e v1.x npm audit fix (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1780\"\u003e#1780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/c95cc0943b045517e4cc414baf1f168b216c3142\"\u003e\u003ccode\u003ec95cc09\u003c/code\u003e\u003c/a\u003e Add typings exports (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1623\"\u003e#1623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/ddadaa6cc633fb5db0c094bf031b15b68a357820\"\u003e\u003ccode\u003eddadaa6\u003c/code\u003e\u003c/a\u003e [v1.x] fix: add missing size field to ResourceSchema (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1575\"\u003e#1575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/2a158513028d9f862c4188b6957e78cd5663f26b\"\u003e\u003ccode\u003e2a15851\u003c/code\u003e\u003c/a\u003e [v1.x] fix: disallow null (infinite) requested TTL (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/13e30f1d36de8442417fec695983bdb155c00768\"\u003e\u003ccode\u003e13e30f1\u003c/code\u003e\u003c/a\u003e fix: treat v1.x as primary branch for npm latest tag (backport \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1577\"\u003e#1577\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1749\"\u003e#1749\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0565695218544fc53e99bf5b544a887d373cefa\"\u003e\u003ccode\u003ea056569\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.28.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1746\"\u003e#1746\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.13.1...v1.29.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~pcarleton\"\u003epcarleton\u003c/a\u003e, a new releaser for \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `agents` from 0.0.100 to 0.3.10\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cloudflare/agents/blob/main/packages/agents/CHANGELOG.md\"\u003eagents's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.3.10\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/agents/pull/839\"\u003e#839\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/agents/commit/68916bfa08358d4bb5d61aff37acd8dc4ffc950e\"\u003e\u003ccode\u003e68916bf\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/whoiskatrin\"\u003e\u003ccode\u003e@​whoiskatrin\u003c/code\u003e\u003c/a\u003e! - Invalidate query cache on disconnect to fix stale auth tokens\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/agents/pull/841\"\u003e#841\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/agents/commit/3f490d045844e4884db741afbb66ca1fe65d4093\"\u003e\u003ccode\u003e3f490d0\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mattzcarey\"\u003e\u003ccode\u003e@​mattzcarey\u003c/code\u003e\u003c/a\u003e! - Escape authError to prevent XSS attacks and store it in the connection state to avoid needing script tags to display error.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/cloudflare/agents/commit/83f137f7046aeafc3b480b5aa4518f6290b14406\"\u003e\u003ccode\u003e83f137f\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​cloudflare/ai-chat\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.0.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.3.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/agents/pull/837\"\u003e#837\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/agents/commit/b11b9dda37d85a474b07e6ca48fb8cee566db9cc\"\u003e\u003ccode\u003eb11b9dd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/threepointone\"\u003e\u003ccode\u003e@​threepointone\u003c/code\u003e\u003c/a\u003e! - Fix AgentWorkflow run() method not being called in production\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003erun()\u003c/code\u003e method wrapper was being set as an instance property in the constructor, but Cloudflare's RPC system invokes methods from the prototype chain. This caused the initialization wrapper to be bypassed in production, resulting in \u003ccode\u003e_initAgent\u003c/code\u003e never being called.\u003c/p\u003e\n\u003cp\u003eChanged to wrap the subclass prototype's \u003ccode\u003erun\u003c/code\u003e method directly with proper safeguards:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUses \u003ccode\u003eObject.hasOwn()\u003c/code\u003e to only wrap prototypes that define their own \u003ccode\u003erun\u003c/code\u003e method (prevents double-wrapping inherited methods)\u003c/li\u003e\n\u003cli\u003eUses a \u003ccode\u003eWeakSet\u003c/code\u003e to track wrapped prototypes (prevents re-wrapping on subsequent instantiations)\u003c/li\u003e\n\u003cli\u003eUses an instance-level \u003ccode\u003e__agentInitCalled\u003c/code\u003e flag to prevent double initialization if \u003ccode\u003esuper.run()\u003c/code\u003e is called from a subclass\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.3.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/agents/pull/833\"\u003e#833\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/agents/commit/6c80022713a120c1a93e6afe16d20aee9ab6c9cb\"\u003e\u003ccode\u003e6c80022\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/tarushnagpal\"\u003e\u003ccode\u003e@​tarushnagpal\u003c/code\u003e\u003c/a\u003e! - On invalid OAuth state, clear auth_url in storage and set the MCP connection state to FAILED ready for reconnection.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/agents/pull/834\"\u003e#834\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/agents/commit/2b4aecde7e6887764b5733033b615427cd564926\"\u003e\u003ccode\u003e2b4aecd\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/threepointone\"\u003e\u003ccode\u003e@​threepointone\u003c/code\u003e\u003c/a\u003e! - Fix AgentClient.close() to immediately reject pending RPC calls instead of waiting for WebSocket close handshake timeout.\u003c/p\u003e\n\u003cp\u003ePreviously, calling \u003ccode\u003eclient.close()\u003c/code\u003e would not reject pending RPC calls until the WebSocket close handshake completed (which could take 15+ seconds in some environments). Now pending calls are rejected immediately when \u003ccode\u003eclose()\u003c/code\u003e is called, providing faster feedback on intentional disconnects.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.3.7\u003c/h2\u003e\n\u003ch1\u003eagents@0.3.7 Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release introduces \u003cstrong\u003eCloudflare Workflows integration\u003c/strong\u003e for durable multi-step processing, \u003cstrong\u003esecure email reply routing\u003c/strong\u003e with HMAC-SHA256 signatures, \u003cstrong\u003e15+ new documentation files\u003c/strong\u003e, and significant improvements to state management, the callable RPC system, and scheduling.\u003c/p\u003e\n\u003ch2\u003eHighlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eWorkflows Integration\u003c/strong\u003e - Seamless integration between Cloudflare Agents and Cloudflare Workflows for durable, multi-step background processing\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSecure Email Routing\u003c/strong\u003e - HMAC-SHA256 signed email headers prevent unauthorized routing of emails to agent instances\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eComprehensive Documentation\u003c/strong\u003e - 15+ new docs covering getting started, state, routing, HTTP/WebSocket lifecycle, callable methods, MCP, and scheduling\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSynchronous \u003ccode\u003esetState()\u003c/code\u003e\u003c/strong\u003e - State updates are now synchronous with a new \u003ccode\u003evalidateStateChange()\u003c/code\u003e validation hook\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003escheduleEvery()\u003c/code\u003e Method\u003c/strong\u003e - Fixed-interval recurring tasks with overlap prevention\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCallable System Improvements\u003c/strong\u003e - Client-side RPC timeouts, streaming error signaling, introspection API\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e100+ New Tests\u003c/strong\u003e - Comprehensive test coverage across state, routing, callable, and email utilities\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/069c584847b00db334840e4d158f2862ed504226\"\u003e\u003ccode\u003e069c584\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/840\"\u003e#840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/3f490d045844e4884db741afbb66ca1fe65d4093\"\u003e\u003ccode\u003e3f490d0\u003c/code\u003e\u003c/a\u003e fix: escape html in external oauth error message (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/841\"\u003e#841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/68916bfa08358d4bb5d61aff37acd8dc4ffc950e\"\u003e\u003ccode\u003e68916bf\u003c/code\u003e\u003c/a\u003e Invalidate query cache on disconnect to fix stale auth tokens (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/839\"\u003e#839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/e69eae544620e7ac1b071159edc85e16a009a4f8\"\u003e\u003ccode\u003ee69eae5\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/838\"\u003e#838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/b11b9dda37d85a474b07e6ca48fb8cee566db9cc\"\u003e\u003ccode\u003eb11b9dd\u003c/code\u003e\u003c/a\u003e Fix AgentWorkflow run() method not being called in production (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/837\"\u003e#837\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/72b44063df75dd782c1e8ac4beb26cdcaa5a5d7b\"\u003e\u003ccode\u003e72b4406\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/835\"\u003e#835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/6c80022713a120c1a93e6afe16d20aee9ab6c9cb\"\u003e\u003ccode\u003e6c80022\u003c/code\u003e\u003c/a\u003e Handle invalid OAUth state (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/833\"\u003e#833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/2b4aecde7e6887764b5733033b615427cd564926\"\u003e\u003ccode\u003e2b4aecd\u003c/code\u003e\u003c/a\u003e Fix slow RPC rejection on close; add browser integration tests (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/834\"\u003e#834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/964757711645dd75a6661961df0139ab3079b348\"\u003e\u003ccode\u003e9647577\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/802\"\u003e#802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/agents/commit/6218541e9c1e40ccbaa25b2d9d93858c0ad81ffa\"\u003e\u003ccode\u003e6218541\u003c/code\u003e\u003c/a\u003e docs/tests/enhancements  (\u003ca href=\"https://github.com/cloudflare/agents/tree/HEAD/packages/agents/issues/812\"\u003e#812\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cloudflare/agents/commits/agents@0.3.10/packages/agents\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for agents since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.8.3 to 4.12.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.23\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(serve-static): normalize all backslashes in file paths, not just the first in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4962\"\u003ehonojs/hono#4962\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(context): export the Context class publicly by \u003ca href=\"https://github.com/BlankParticle\"\u003e\u003ccode\u003e@​BlankParticle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4543\"\u003ehonojs/hono#4543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(contribution): add AI Usage Policy by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4970\"\u003ehonojs/hono#4970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(compress): add contentTypeFilter option and \u003ccode\u003eCOMPRESSIBLE_CONTENT_TYPE_REGEX\u003c/code\u003e re-export by \u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4961\"\u003ehonojs/hono#4961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(utils/ipaddr): do not compress a single 0 group to \u003ccode\u003e::\u003c/code\u003e by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4971\"\u003ehonojs/hono#4971\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.22...v4.12.23\"\u003ehttps://github.com/honojs/hono/compare/v4.12.22...v4.12.23\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.22\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: update vitest to v4 and cleanups by \u003ca href=\"https://github.com/BlankParticle\"\u003e\u003ccode\u003e@​BlankParticle\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4952\"\u003ehonojs/hono#4952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mime): specify charset parameter per MIME type instead of mechanical detection by \u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(compress): respect Accept-Encoding when encoding option is set by \u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deno): echo negotiated WebSocket subprotocol in upgrade response by \u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add msgpack as a compressible content type by \u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/renatograsso10\"\u003e\u003ccode\u003e@​renatograsso10\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4912\"\u003ehonojs/hono#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/LeSingh1\"\u003e\u003ccode\u003e@​LeSingh1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4951\"\u003ehonojs/hono#4951\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ATOM00blue\"\u003e\u003ccode\u003e@​ATOM00blue\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4955\"\u003ehonojs/hono#4955\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/na-trium-144\"\u003e\u003ccode\u003e@​na-trium-144\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4957\"\u003ehonojs/hono#4957\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.21...v4.12.22\"\u003ehttps://github.com/honojs/hono/compare/v4.12.21...v4.12.22\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.21\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eapp.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003eapp.mount()\u003c/code\u003e. Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3\u003c/p\u003e\n\u003ch3\u003eIP Restriction bypasses static deny rules for non-canonical IPv6\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/ip-restriction\u003c/code\u003e. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5\u003c/p\u003e\n\u003ch3\u003eCookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes missing validation of \u003ccode\u003esameSite\u003c/code\u003e and \u003ccode\u003epriority\u003c/code\u003e options against injection characters (\u003ccode\u003e;\u003c/code\u003e, \u003ccode\u003e\\r\u003c/code\u003e, \u003ccode\u003e\\n\u003c/code\u003e), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x\u003c/p\u003e\n\u003ch3\u003eJWT middleware accepts any Authorization scheme, not only Bearer\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/jwt\u003c/code\u003e, \u003ccode\u003ehono/jwk\u003c/code\u003e. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use \u003ccode\u003eapp.mount()\u003c/code\u003e, \u003ccode\u003ehono/ip-restriction\u003c/code\u003e, \u003ccode\u003ehono/cookie\u003c/code\u003e, or \u003ccode\u003ehono/jwt\u003c/code\u003e/\u003ccode\u003ehono/jwk\u003c/code\u003e are encouraged to upgrade to this version.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/83bfb3bb4a12c1d92c163a39e907df5d662ff78d\"\u003e\u003ccode\u003e83bfb3b\u003c/code\u003e\u003c/a\u003e 4.12.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/bcd290a64c0b392fd06d2bd1f256c5dc9835e4a4\"\u003e\u003ccode\u003ebcd290a\u003c/code\u003e\u003c/a\u003e fix(utils/ipaddr): do not compress a single 0 group to \u003ccode\u003e::\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4971\"\u003e#4971\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c968177d9c11ddc7c7cca57c384497f11a6d60ae\"\u003e\u003ccode\u003ec968177\u003c/code\u003e\u003c/a\u003e feat(compress): add contentTypeFilter option and `COMPRESSIBLE_CONTENT_TYPE_R...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/0265a5453a7c272417eaa22b93d3fb319d2188ed\"\u003e\u003ccode\u003e0265a54\u003c/code\u003e\u003c/a\u003e docs(contribution): add AI Usage Policy (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4970\"\u003e#4970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c84c5d2d46ca6a78c316529491d42ab7bb956368\"\u003e\u003ccode\u003ec84c5d2\u003c/code\u003e\u003c/a\u003e feat(context): export the Context class publicly (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4543\"\u003e#4543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/82dad6297c90c33c41bf48b4530509a21588ad06\"\u003e\u003ccode\u003e82dad62\u003c/code\u003e\u003c/a\u003e fix(serve-static): normalize all backslashes in file paths, not just the firs...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/2f01b774b168911d24e4864fb66054f5de9d9a4e\"\u003e\u003ccode\u003e2f01b77\u003c/code\u003e\u003c/a\u003e 4.12.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/6bc0dff277684ee50ace6dc87a7ad73a9c131c99\"\u003e\u003ccode\u003e6bc0dff\u003c/code\u003e\u003c/a\u003e feat: add msgpack as a compressible content type (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4957\"\u003e#4957\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/7e0555d14c72d4204347ac9afaae32ba5c013ab9\"\u003e\u003ccode\u003e7e0555d\u003c/code\u003e\u003c/a\u003e fix(deno): echo negotiated WebSocket subprotocol in upgrade response (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4955\"\u003e#4955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f0ed2465913f2a89ebdf65cc54d6254915fc3ff6\"\u003e\u003ccode\u003ef0ed246\u003c/code\u003e\u003c/a\u003e fix(compress): respect Accept-Encoding when encoding option is set (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4951\"\u003e#4951\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.8.3...v4.12.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `wrangler` from 4.24.3 to 4.94.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cloudflare/workers-sdk/releases\"\u003ewrangler's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ewrangler@4.94.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/workers-sdk/pull/13897\"\u003e#13897\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/52e9082e32d7bffaeca92f27ab472b56964ba2bb\"\u003e\u003ccode\u003e52e9082\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/dario-piotrowicz\"\u003e\u003ccode\u003e@​dario-piotrowicz\u003c/code\u003e\u003c/a\u003e! - Add automatic Cloudflare skills installation for AI coding agents\u003c/p\u003e\n\u003cp\u003eWrangler now detects AI coding agents and offers to install Cloudflare skill files from the \u003ccode\u003ecloudflare/skills\u003c/code\u003e GitHub repository. Users are prompted once interactively; subsequent runs skip the prompt. Use \u003ccode\u003e--install-skills\u003c/code\u003e to install without prompting.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/workers-sdk/pull/13989\"\u003e#13989\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/f598eac72bcdf838ba890bcbd100e99ee8fac17f\"\u003e\u003ccode\u003ef598eac\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/MattieTK\"\u003e\u003ccode\u003e@​MattieTK\u003c/code\u003e\u003c/a\u003e! - Print a QR code alongside the tunnel URL when sharing via Cloudflare Tunnel\u003c/p\u003e\n\u003cp\u003eWhen a tunnel is started (via \u003ccode\u003ewrangler dev --tunnel\u003c/code\u003e or the Vite plugin with \u003ccode\u003etunnel: true\u003c/code\u003e), a scannable QR code is now printed to the terminal beneath the tunnel URL. This makes it easy to open the tunnel on a mobile device without manually copying the URL.\u003c/p\u003e\n\u003cp\u003eThe QR code uses Unicode block characters for a compact representation and is generated best-effort -- if generation fails for any reason, the tunnel URL is still displayed as before.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/cloudflare/workers-sdk/pull/13467\"\u003e#13467\u003c/a\u003e \u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/3a1fbed5988efe03ae50cc502eff6a4785728396\"\u003e\u003ccode\u003e3a1fbed\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/deloreyj\"\u003e\u003ccode\u003e@​deloreyj\u003c/code\u003e\u003c/a\u003e! - Add \u003ccode\u003eschedule\u003c/code\u003e property to Workflow bindings for cron-based triggering\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e This is a configuration-only change. Scheduled triggering of Workflow instances is not yet available — adding \u003ccode\u003eschedule\u003c/code\u003e to a Workflow binding will not result in scheduled invocations at this time. This change lays the groundwork for an upcoming feature.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eWorkflow bindings in \u003ccode\u003ewrangler.json\u003c/code\u003e now accept an optional \u003ccode\u003eschedule\u003c/code\u003e field that configures one or more cron expressions to automatically trigger new workflow instances on a schedule.\u003c/p\u003e\n\u003cpre lang=\"jsonc\"\u003e\u003ccode\u003e// wrangler.json\n{\n  \u0026quot;workflows\u0026quot;: [\n    {\n      \u0026quot;binding\u0026quot;: \u0026quot;MY_WORKFLOW\u0026quot;,\n      \u0026quot;name\u0026quot;: \u0026quot;my-workflow\u0026quot;,\n      \u0026quot;class_name\u0026quot;: \u0026quot;MyWorkflow\u0026quot;,\n      \u0026quot;schedule\u0026quot;: \u0026quot;0 9 * * 1\u0026quot;\n    }\n  ]\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eMultiple schedules can be provided as an array:\u003c/p\u003e\n\u003cpre lang=\"jsonc\"\u003e\u003ccode\u003e{\n  \u0026quot;workflows\u0026quot;: [\n    {\n      \u0026quot;binding\u0026quot;: \u0026quot;MY_WORKFLOW\u0026quot;,\n      \u0026quot;name\u0026quot;: \u0026quot;my-workflow\u0026quot;,\n      \u0026quot;class_name\u0026quot;: \u0026quot;MyWorkflow\u0026quot;,\n      \u0026quot;schedule\u0026quot;: [\u0026quot;0 9 * * 1\u0026quot;, \u0026quot;0 17 * * 5\u0026quot;]\n    }\n  ]\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe schedule is sent to the Workflows control plane on \u003ccode\u003ewrangler deploy\u003c/code\u003e. Configuring \u003ccode\u003eschedule\u003c/code\u003e on a workflow binding that references an external \u003ccode\u003escript_name\u003c/code\u003e is an error — the schedule must be configured on the worker that defines the workflow.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/b92f87cbbf3e8646d0c10e4e9bbc9391d669b899\"\u003e\u003ccode\u003eb92f87c\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13995\"\u003e#13995\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/fc1f7b977908b78a4379d1d7b261ca7c69022ba3\"\u003e\u003ccode\u003efc1f7b9\u003c/code\u003e\u003c/a\u003e [wrangler] Fix Access Service Token authentication for service-auth-only apps...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/f598eac72bcdf838ba890bcbd100e99ee8fac17f\"\u003e\u003ccode\u003ef598eac\u003c/code\u003e\u003c/a\u003e [wrangler][vite-plugin] Print QR code for tunnel URLs (\u003ca href=\"https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13989\"\u003e#13989\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/52e9082e32d7bffaeca92f27ab472b56964ba2bb\"\u003e\u003ccode\u003e52e9082\u003c/code\u003e\u003c/a\u003e Add automatic Cloudflare skills installation for AI coding agents (\u003ca href=\"https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13897\"\u003e#13897\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/07336888e0bc82925e4023f5b72a0062f10d77b8\"\u003e\u003ccode\u003e0733688\u003c/code\u003e\u003c/a\u003e build(deps): bump the workerd-and-workers-types group with 2 updates (\u003ca href=\"https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13993\"\u003e#13993\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/8c569c6232588594e7a48219bbd020955f5fd5a4\"\u003e\u003ccode\u003e8c569c6\u003c/code\u003e\u003c/a\u003e [wrangler] Include column names in D1 SQL export (\u003ca href=\"https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/12277\"\u003e#12277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/3a1fbed5988efe03ae50cc502eff6a4785728396\"\u003e\u003ccode\u003e3a1fbed\u003c/code\u003e\u003c/a\u003e [wrangler] Add schedule property to Workflow bindings for cron-based triggeri...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/90092c0bca526e2e08a25fe7969534426eb6fd9f\"\u003e\u003ccode\u003e90092c0\u003c/code\u003e\u003c/a\u003e [vitest-pool-workers] Stop externalizing devDependencies from the published b...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/5ee65d572ce2718133de72c28705e2c9bda3d09b\"\u003e\u003ccode\u003e5ee65d5\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13969\"\u003e#13969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/workers-sdk/commit/e04e180d4adfe7d50db835508940e7ef7e9d9706\"\u003e\u003ccode\u003ee04e180\u003c/code\u003e\u003c/a\u003e [wrangler] Improve asset upload retry log message (\u003ca href=\"https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/13990\"\u003e#13990\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cloudflare/workers-sdk/commits/wrangler@4.94.0/packages/wrangler\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for wrangler since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ai` from 4.3.16 to 6.0.191\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/ai/releases\"\u003eai's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eai@6.0.191\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [27a1b22]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​ai-sdk/gateway\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.0.120\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eai@6.0.190\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [33b10a2]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [f6e4146]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​ai-sdk/gateway\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.0.119\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eai@6.0.189\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e356c3cf: fix(ai): make input optional on input-streaming UIMessagePart variants\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eai@6.0.188\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ec98715a: Add \u003ccode\u003eallowSystemInMessages\u003c/code\u003e option to \u003ccode\u003eToolLoopAgent\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis exposes the same option that exists on \u003ccode\u003estreamText\u003c/code\u003e and \u003ccode\u003egenerateText\u003c/code\u003e, whether \u003ccode\u003erole: \u0026quot;system\u0026quot;\u003c/code\u003e messages are allowed in the \u003ccode\u003eprompt\u003c/code\u003e or \u003ccode\u003emessages\u003c/code\u003e fields. When unset, system messages are rejected because they can create a prompt injection attack risk. Ideally, use the \u003ccode\u003einstructions\u003c/code\u003e option instead. Set to \u003ccode\u003etrue\u003c/code\u003e to allow system messages, or \u003ccode\u003efalse\u003c/code\u003e to explicitly reject them.\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003econst agent = new ToolLoopAgent({\n  model,\n  allowSystemInMessages: true,\n});\n\u003cp\u003eawait agent.generate({\nmessages: [\n{ role: \u0026quot;system\u0026quot;, content: \u0026quot;Server context\u0026quot; },\n{ role: \u0026quot;user\u0026quot;, content: \u0026quot;Hello\u0026quot; },\n],\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe option can also be returned from \u003ccode\u003eprepareCall\u003c/code\u003e for dynamic per-call configuration.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eai@5.0.192\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [544fbab]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [1bdb6f7]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​ai-sdk/gateway\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.0.93\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/ai/blob/ai@6.0.191/packages/ai/CHANGELOG.md\"\u003eai's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.0.191\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [27a1b22]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​ai-sdk/gateway\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.0.120\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.190\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [33b10a2]\u003c/li\u003e\n\u003cli\u003eUpdated dependencies [f6e4146]\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​ai-sdk/gateway\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.0.119\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.189\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e356c3cf: fix(ai): make input optional on input-streaming UIMessagePart variants\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.188\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ec98715a: Add \u003ccode\u003eallowSystemInMessages\u003c/code\u003e option to \u003ccode\u003eToolLoopAgent\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThis exposes the same option that exists on \u003ccode\u003estreamText\u003c/code\u003e and \u003ccode\u003egenerateText\u003c/code\u003e, whether \u003ccode\u003erole: \u0026quot;system\u0026quot;\u003c/code\u003e messages are allowed in the \u003ccode\u003eprompt\u003c/code\u003e or \u003ccode\u003emessages\u003c/code\u003e fields. When unset, system messages are rejected because they can create a prompt injection attack risk. Ideally, use the \u003ccode\u003einstructions\u003c/code\u003e option instead. Set to \u003ccode\u003etrue\u003c/code\u003e to allow system messages, or \u003ccode\u003efalse\u003c/code\u003e to explicitly reject them.\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003econst agent = new ToolLoopAgent({\n  model,\n  allowSystemInMessages: true,\n});\n\u003cp\u003eawait agent.generate({\nmessages: [\n{ role: \u0026quot;system\u0026quot;, content: \u0026quot;Server context\u0026quot; },\n{ role: \u0026quot;user\u0026quot;, content: \u0026quot;Hello\u0026quot; },\n],\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe option can also be returned from \u003ccode\u003eprepareCall\u003c/code\u003e for dynamic per-call configuration.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.0.187\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [6f4bb06]\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/0838d52fe657c4f04891b78423fbc636a543851a\"\u003e\u003ccode\u003e0838d52\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15565\"\u003e#15565\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/1a3ec6d76fcc5333ac9b2751f3938cbe918efef2\"\u003e\u003ccode\u003e1a3ec6d\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15513\"\u003e#15513\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/bde7d0ff4882364a94e7aeea8ff2b0a7e89effb4\"\u003e\u003ccode\u003ebde7d0f\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15494\"\u003e#15494\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/356c3cf88884ba10cc1bac93d93e4b3a8c96ef94\"\u003e\u003ccode\u003e356c3cf\u003c/code\u003e\u003c/a\u003e Backport: fix(ai): make input optional on input-streaming UIMessagePart varia...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/93ad540ed13863363ebc0bd5a9c574a082602d27\"\u003e\u003ccode\u003e93ad540\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15489\"\u003e#15489\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/c98715ae5ecf19a18a7c31fa2ec30124e456188b\"\u003e\u003ccode\u003ec98715a\u003c/code\u003e\u003c/a\u003e Backport: [tool-loop-agent] adding support for messages with system role with...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/a15eda90f03049bfba99183b4fd308ca63372b86\"\u003e\u003ccode\u003ea15eda9\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15473\"\u003e#15473\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/917e487d1f8d29554b30d56b17e846e9c233c0c5\"\u003e\u003ccode\u003e917e487\u003c/code\u003e\u003c/a\u003e Backport CI speed improvements to release-v6.0 (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15455\"\u003e#15455\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/e33b836af7673d45eb90704574ffae5bdc6ba824\"\u003e\u003ccode\u003ee33b836\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15440\"\u003e#15440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/ai/commit/4a989451c5ef8c1b04d8a91e4e9301dc81708cfa\"\u003e\u003ccode\u003e4a98945\u003c/code\u003e\u003c/a\u003e Version Packages (\u003ca href=\"https://github.com/vercel/ai/tree/HEAD/packages/ai/issues/15406\"\u003e#15406\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/ai/commits/ai@6.0.191/packages/ai\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for ai since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.17.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebump version to 8.17.1 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2472\"\u003eajv-validator/ajv#2472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.0...v8.17.1\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.0...v8.17.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePlus everything in 8.17.0 which failed to release\u003c/h2\u003e\n\u003cp\u003eThe only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.\u003c/p\u003e\n\u003cp\u003eRevert \u0026quot;Revert fast-uri change (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2444\"\u003eajv-validator/ajv#2444\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/gurgunday\"\u003e\u003ccode\u003e@​gurgunday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2448\"\u003eajv-validator/ajv#2448\u003c/a\u003e\nfix: ignore new eslint error for \u003ccode\u003e@​typescript-eslint/no-extraneous-class\u003c/code\u003e by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2455\"\u003eajv-validator/ajv#2455\u003c/a\u003e\ndocs: clarify behaviour of addVocabulary by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2454\"\u003eajv-validator/ajv#2454\u003c/a\u003e\ndocs: refactor to improve legibility by \u003ca href=\"https://github.com/blottn\"\u003e\u003ccode\u003e@​blottn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2432\"\u003eajv-validator/ajv#2432\u003c/a\u003e\nFix grammatical typo in managing-schemas.md by \u003ca href=\"https://github.com/wetneb\"\u003e\u003ccode\u003e@​wetneb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2305\"\u003eajv-validator/ajv#2305\u003c/a\u003e\ndocs: Fix broken strict-mode link by \u003ca href=\"https://github.com/alexanderjsx\"\u003e\u003ccode\u003e@​alexanderjsx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2459\"\u003eajv-validator/ajv#2459\u003c/a\u003e\nfeat: add test for encoded refs and bump fast-uri by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2449\"\u003eajv-validator/ajv#2449\u003c/a\u003e\nfix: changes for \u003ccode\u003e@​typescript-eslint/array-type\u003c/code\u003e rule by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2467\"\u003eajv-validator/ajv#2467\u003c/a\u003e\nfixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2217\"\u003eajv-validator/ajv#2217\u003c/a\u003e - clarify custom keyword naming by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2457\"\u003eajv-validator/ajv#2457\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.17.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `body-parser` from 2.2.0 to 2.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/releases\"\u003ebody-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README links by \u003ca href=\"https://github.com/efekrskl\"\u003e\u003ccode\u003e@​efekrskl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/673\"\u003eexpressjs/body-parser#673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: release notes for the v1.20.4 release by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/674\"\u003eexpressjs/body-parser#674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update URL-encoded parser description to include ISO-8859-1 encoding support by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/679\"\u003eexpressjs/body-parser#679\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: use standard jsdoc tags everywhere by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/677\"\u003eexpressjs/body-parser#677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@^6.14.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/689\"\u003eexpressjs/body-parser#689\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/693\"\u003eexpressjs/body-parser#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 2.2.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/691\"\u003eexpressjs/body-parser#691\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/efekrskl\"\u003e\u003ccode\u003e@​efekrskl\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/673\"\u003eexpressjs/body-parser#673\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/body-parser/compare/v2.2.1...v2.2.2\"\u003ehttps://github.com/expressjs/body-parser/compare/v2.2.1...v2.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.1\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-13466\"\u003eCVE-2025-13466\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4\"\u003eGHSA-wqch-xfxh-vrr4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: add dependabot by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/593\"\u003eexpressjs/body-parser#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use full SHAs for github action versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/594\"\u003eexpressjs/body-parser#594\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: type-is@^2.0.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/599\"\u003eexpressjs/body-parser#599\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/609\"\u003eexpressjs/body-parser#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/610\"\u003eexpressjs/body-parser#610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/611\"\u003eexpressjs/body-parser#611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/613\"\u003eexpressjs/body-parser#613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/612\"\u003eexpressjs/body-parser#612\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add codeql github workflows scanning by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/614\"\u003eexpressjs/body-parser#614\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update CodeQL config to ignore the test directory by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/615\"\u003eexpressjs/body-parser#615\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/620\"\u003eexpressjs/body-parser#620\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/619\"\u003eexpressjs/body-parser#619\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): unpin devDependencies by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/616\"\u003eexpressjs/body-parser#616\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/621\"\u003eexpressjs/body-parser#621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/623\"\u003eexpressjs/body-parser#623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/624\"\u003eexpressjs/body-parser#624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: add funding to package.json by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/617\"\u003eexpressjs/body-parser#617\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/625\"\u003eexpressjs/body-parser#625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/630\"\u003eexpressjs/body-parser#630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: move common request validation to read function by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/600\"\u003eexpressjs/body-parser#600\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump iconv-lite by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/631\"\u003eexpressjs/body-parser#631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: pull beta changelog forward into 2.0.0 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/629\"\u003eexpressjs/body-parser#629\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: optimize raw and text parsers with shared passthrough function by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/634\"\u003eexpressjs/body-parser#634\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/640\"\u003eexpressjs/body-parser#640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/639\"\u003eexpressjs/body-parser#639\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/636\"\u003eexpressjs/body-parser#636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/637\"\u003eexpressjs/body-parser#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/638\"\u003eexpressjs/body-parser#638\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: raw-body@^3.0.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/641\"\u003eexpressjs/body-parser#641\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/blob/master/HISTORY.md\"\u003ebody-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.2.2 / 2026-01-07\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@^6.14.1\u003c/li\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.2.1 / 2025-11-24\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4\"\u003eGHSA-wqch-xfxh-vrr4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps:\n\u003cul\u003e\n\u003cli\u003etype-is@^2.0.1\u003c/li\u003e\n\u003cli\u003eiconv-lite@^0.7.0\n\u003cul\u003e\n\u003cli\u003eHandle split surrogate pairs when encoding UTF-8\u003c/li\u003e\n\u003cli\u003eAvoid false positives in \u003ccode\u003eencodingExists\u003c/code\u003e by using prototype-less objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eraw-body@^3.0.1\u003c/li\u003e\n\u003cli\u003edebug@^4.4.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/3d248660b2e8b66732b232d7c758517fbf2420a6\"\u003e\u003ccode\u003e3d24866\u003c/code\u003e\u003c/a\u003e 2.2.2 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/691\"\u003e#691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/8474a984c3ba36a1b4328ce019833b99caa0f08f\"\u003e\u003ccode\u003e8474a98\u003c/code\u003e\u003c/a\u003e refactor(json): simplify strict mode error string construction (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/03f17c2538552a57e6be537afca8c7587bd40aaa\"\u003e\u003ccode\u003e03f17c2\u003c/code\u003e\u003c/a\u003e deps: qs@^6.14.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/689\"\u003e#689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/ea1f25e503c1b2f7ba6f8562724ae0fcd247fb75\"\u003e\u003ccode\u003eea1f25e\u003c/code\u003e\u003c/a\u003e docs: use standard jsdoc tags everywhere (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d7deef8ec61307fa28c22bc443cf8ed2f267945a\"\u003e\u003ccode\u003ed7deef8\u003c/code\u003e\u003c/a\u003e docs: update URL-encoded parser description to include ISO-8859-1 encoding su...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b6f52aabc65137c5227c8a462bddb761daeb96e7\"\u003e\u003ccode\u003eb6f52aa\u003c/code\u003e\u003c/a\u003e docs: release notes for the v1.20.4 release (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/2965ca4af4883109cb2f651f4ce12da310902a0c\"\u003e\u003ccode\u003e2965ca4\u003c/code\u003e\u003c/a\u003e docs: update links (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d96b63da8d7445de317736471633bac83ec76cbb\"\u003e\u003ccode\u003ed96b63d\u003c/code\u003e\u003c/a\u003e 2.2.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b204886a6744b0b6d297cd0e849d75de836f3b63\"\u003e\u003ccode\u003eb204886\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2025-13466\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/e20e3512e085c1162e8ffe36ac65c705a8017251\"\u003e\u003ccode\u003ee20e351\u003c/code\u003e\u003c/a\u003e feat: remove \u003ccode\u003ehistory.md\u003c/code\u003e from being packaged on publish (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/660\"\u003e#660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/body-parser/compare/v2.2.0...v2.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit...\n\n_Description has been truncated_\n\n---\n\n📦 This PR updates 18 npm dependencies across the MCP server use case, including major version bumps for the Model Context Protocol SDK (1.13.1 → 1.29.0), Cloudflare Agents (0.0.100 → 0.3.10), and several other core dependencies to their latest versions.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Model Context Protocol SDK**: Major update from 1.13.1 to 1.29.0 with bug fixes, security improvements, and new extension capabilities\n- **Cloudflare Agents**: Significant version jump from 0.0.100 to 0.3.10 introducing Workflows integration, secure email routing, and improved state management\n- **Development Tools**: Updated Wrangler (4.23.0 → 4.94.0) and Vitest pool workers (0.8.53 → 0.16.9) for better development experience\n- **Security Updates**: Multiple packages received security patches including AJV, body-parser, and PostCSS\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify 18 Outdated Dependencies]\n    B --\u003e C[Update Direct Dependencies]\n    B --\u003e D[Update Transitive Dependencies]\n    C --\u003e E[MCP SDK 1.29.0]\n    C --\u003e F[Agents 0.3.10]\n    C --\u003e G[Wrangler 4.94.0]\n    D --\u003e H[Security Patches]\n    D --\u003e I[Performance Improvements]\n    E --\u003e J[Enhanced MCP Features]\n    F --\u003e K[Workflows Integration]\n    G --\u003e L[Better Dev Experience]\n    H --\u003e M[CVE Fixes]\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs and security vulnerabilities in dependencies like AJV and body-parser\n- **Feature Expansion**: New MCP SDK capabilities and Cloudflare Workflows integration enable more sophisticated agent behaviors\n- **Developer Experience**: Updated Wrangler with QR code tunnel sharing and improved debugging capabilities\n- **Stability Improvements**: Bug fixes across the dependency chain improve overall application reliability\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/context-engineering-intro/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fcontext-engineering-intro/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"1.12.1","new_version":"1.13.8","update_type":"minor","path":"/web","pr_created_at":"2026-05-25T06:55:49.000Z","version_change":"1.12.1 → 1.13.8","issue":{"uuid":"4514939743","node_id":"PR_kwDOBTb13s7e8ECi","number":172,"state":"closed","title":"build(deps): bump the web-npm-minor-patch group in /web with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-31T09:58:53.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-25T06:55:49.000Z","updated_at":"2026-05-31T09:58:54.000Z","time_to_close":529384,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"web-npm-minor-patch","update_count":9,"packages":[{"name":"file-saver","old_version":"2.0.2","new_version":"2.0.5","repository_url":"https://github.com/eligrey/FileSaver.js"},{"name":"js-beautify","old_version":"1.10.2","new_version":"1.15.4","repository_url":"https://github.com/beautifier/js-beautify"},{"name":"rxjs-compat","old_version":"6.5.3","new_version":"6.6.7"},{"name":"underscore","old_version":"1.12.1","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"@types/underscore","old_version":"1.9.4","new_version":"1.13.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"zone.js","old_version":"0.8.29","new_version":"0.16.2","repository_url":"https://github.com/angular/angular"},{"name":"@types/text-encoding-utf-8","old_version":"1.0.1","new_version":"1.0.5","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"karma-chrome-launcher","old_version":"3.1.0","new_version":"3.2.0","repository_url":"https://github.com/karma-runner/karma-chrome-launcher"},{"name":"sass","old_version":"1.89.2","new_version":"1.100.0","repository_url":"https://github.com/sass/dart-sass"}],"path":"/web","ecosystem":"npm"},"body":"Bumps the web-npm-minor-patch group in /web with 9 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [file-saver](https://github.com/eligrey/FileSaver.js) | `2.0.2` | `2.0.5` |\n| [js-beautify](https://github.com/beautifier/js-beautify) | `1.10.2` | `1.15.4` |\n| rxjs-compat | `6.5.3` | `6.6.7` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.12.1` | `1.13.8` |\n| [@types/underscore](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/underscore) | `1.9.4` | `1.13.0` |\n| [zone.js](https://github.com/angular/angular/tree/HEAD/packages/zone.js) | `0.8.29` | `0.16.2` |\n| [@types/text-encoding-utf-8](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/text-encoding-utf-8) | `1.0.1` | `1.0.5` |\n| [karma-chrome-launcher](https://github.com/karma-runner/karma-chrome-launcher) | `3.1.0` | `3.2.0` |\n| [sass](https://github.com/sass/dart-sass) | `1.89.2` | `1.100.0` |\n\nUpdates `file-saver` from 2.0.2 to 2.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eligrey/FileSaver.js/releases\"\u003efile-saver's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.4\u003c/h2\u003e\n\u003cp\u003echanges how it detect safari\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eligrey/FileSaver.js/blob/master/CHANGELOG.md\"\u003efile-saver's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eligrey/FileSaver.js/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-beautify` from 1.10.2 to 1.15.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/beautifier/js-beautify/releases\"\u003ejs-beautify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.3 🌈\u003c/h2\u003e\n\u003cp\u003eDowngrade \u003ccode\u003eglob\u003c/code\u003e to v10.x for Node.js 18.x support\u003c/p\u003e\n\u003ch2\u003ev1.15.2 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.15.1 🌈\u003c/h2\u003e\n\u003ch2\u003eHOTFIX\u003c/h2\u003e\n\u003cp\u003eMerged \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2288\"\u003e#2288\u003c/a\u003e to beautifier.io dropping \u003ccode\u003epolyfill.io\u003c/code\u003e  usage.\u003c/p\u003e\n\u003ch2\u003ev1.15.0 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.11 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.9 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.8 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.6 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.5 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.3\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.2 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.0 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.12.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.11.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/beautifier/js-beautify/blob/main/CHANGELOG.md\"\u003ejs-beautify's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade nopt to v7.x to maintain Node.js v14 compatibility (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2358\"\u003e#2358\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix node 18 support by downgrading glob to v10 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2350\"\u003e#2350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch SNYK-JS-CROSSSPAWN-8303230 issue brought it through old glob package (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease wheels on pypi (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2313\"\u003e#2313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eModuleNotFoundError: No module named 'setuptools.command.test' as of latest setuptools package release (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2301\"\u003e#2301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python]Compatible with setuptools\u0026gt;=72 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2300\"\u003e#2300\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTurn new angular templating off by default in html (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2247\"\u003e#2247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePerf regression in latest release (1.15.0) (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2246\"\u003e#2246\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2219\"\u003e#2219\u003c/a\u003e - formatting of new Angular control flow syntax (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2221\"\u003e#2221\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEditor not working \u003ca href=\"https://beautifier.io/\"\u003ehttps://beautifier.io/\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2201\"\u003e#2201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet nodejs minimum to v14 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInvalid prettification of object with unicode escape character as object key (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2159\"\u003e#2159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003einvalid json being generated with wrap_line_length (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/1932\"\u003e#1932\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump semver and editorconfig (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2161\"\u003e#2161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate editorconfig package (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2160\"\u003e#2160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow to configure the \u0026quot;custom elements as inline elements\u0026quot; behavior (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2113\"\u003e#2113\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire nodejs v12 or greater (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2151\"\u003e#2151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCSS insideNonNestedAtRule generic variable  (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2147\"\u003e#2147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate dependencies (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2145\"\u003e#2145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI build (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2144\"\u003e#2144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2133\"\u003e#2133\u003c/a\u003e Theme Toggle on without_codemirror Mode (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2138\"\u003e#2138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003euse correct variable name (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2135\"\u003e#2135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: Fix a few typos (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for new record types (cont.) (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2118\"\u003e#2118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix - semicolon followed by block statement doesnt have new line (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2117\"\u003e#2117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix formatting related to the \u003c!-- raw HTML omitted --\u003e element (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eissue prettifying (function(){code();{code}})() (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/1852\"\u003e#1852\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDoc: Updates web browser implementation examples (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2107\"\u003e#2107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHTML formatter breaks layout by introducing newlines (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/1989\"\u003e#1989\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGlobs no longer work on Windows in 1.14.5 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/1eab9a1c5e360f375cd77cafc3921ec7558fb705\"\u003e\u003ccode\u003e1eab9a1\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/staging/main' into staging/release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/b8174edb90f0f6fe05372ba61b1fbaa1793af5c3\"\u003e\u003ccode\u003eb8174ed\u003c/code\u003e\u003c/a\u003e Bump version numbers for 1.15.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/0f0b61a18e348087e87c55dd77045f73a393a96f\"\u003e\u003ccode\u003e0f0b61a\u003c/code\u003e\u003c/a\u003e Update Changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/11faca4ea08aaf86f4b547a5b0cf9518592fd8c9\"\u003e\u003ccode\u003e11faca4\u003c/code\u003e\u003c/a\u003e Downgrade nopt to maintain nodejs 14 support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/53bf08942f6dd2f502585ac459c3d98937a0476b\"\u003e\u003ccode\u003e53bf089\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2353\"\u003e#2353\u003c/a\u003e from beautifier/staging/release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/bc8ce4b436d8a42ae8ee0d1da05bdb64fbaad684\"\u003e\u003ccode\u003ebc8ce4b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2352\"\u003e#2352\u003c/a\u003e from beautifier/staging/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/78748ead003a548236f4e106cc66b4df829b7e21\"\u003e\u003ccode\u003e78748ea\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/staging/main' into staging/release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/f37ab9177821df250b1794ddac3f1bcc2a99eaab\"\u003e\u003ccode\u003ef37ab91\u003c/code\u003e\u003c/a\u003e Bump version numbers for 1.15.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/aaeb85b78864f91accae112b325769724e295acd\"\u003e\u003ccode\u003eaaeb85b\u003c/code\u003e\u003c/a\u003e Update Changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/dc9880bc5c376d6371c181824acb5e9b93a26073\"\u003e\u003ccode\u003edc9880b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2350\"\u003e#2350\u003c/a\u003e from weiwei/fix-node-dep\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/beautifier/js-beautify/compare/v1.10.2...v1.15.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rxjs-compat` from 6.5.3 to 6.6.7\n\nUpdates `underscore` from 1.12.1 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.12.1...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/underscore` from 1.9.4 to 1.13.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/underscore\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zone.js` from 0.8.29 to 0.16.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/angular/angular/blob/main/packages/zone.js/CHANGELOG.md\"\u003ezone.js's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e0.16.2 (2026-05-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(zone.js): support vitest patching in zone.js/testing (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/68395\"\u003e#68395\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/62c6e3b\"\u003e62c6e3b\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/68395\"\u003e#68395\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/68395\"\u003e#68395\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(zone.js): allow draining microtasks in \u003ccode\u003ePromise.then\u003c/code\u003e (through flag) (\u003ca href=\"https://github.com/angular/angular/commit/fc6a7ee\"\u003efc6a7ee\u003c/a\u003e), closes \u003ca href=\"https://github.com/angular/issues/45273\"\u003eangular#45273\u003c/a\u003e \u003ca href=\"https://github.com/angular/issues/44446\"\u003eangular#44446\u003c/a\u003e \u003ca href=\"https://github.com/angular/issues/55590\"\u003eangular#55590\u003c/a\u003e \u003ca href=\"https://github.com/angular/issues/51328\"\u003eangular#51328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e0.16.1 (2026-02-18)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(zone.js): support passthrough of Promise.try API (\u003ca href=\"https://github.com/angular/angular/commit/fc557f0\"\u003efc557f0\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/67057\"\u003e#67057\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e0.16.0 (2025-11-19)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(zone.js): Support jasmine v6 (\u003ca href=\"https://github.com/angular/angular/commit/48abe00\"\u003e48abe00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(zone.js): waitForAsync should pass args to the test function (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/61755\"\u003e#61755\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/3c216c1\"\u003e3c216c1\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/61755\"\u003e#61755\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/61717\"\u003e#61717\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/61755\"\u003e#61755\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): Add internal implementation for auto ticking fakeAsync (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/62135\"\u003e#62135\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/0a827f9\"\u003e0a827f9\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/62135\"\u003e#62135\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/62135\"\u003e#62135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): Improve missing proxy zone error for jest imported (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/64497\"\u003e#64497\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/ced2fa5\"\u003eced2fa5\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/64497\"\u003e#64497\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/47603\"\u003e#47603\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/64497\"\u003e#64497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): remove legacy browser support (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/63511\"\u003e#63511\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/2e46596\"\u003e2e46596\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/63511\"\u003e#63511\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/63511\"\u003e#63511\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): remove unused jasmine globalerror monkey patching. (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/63077\"\u003e#63077\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/9aef481\"\u003e9aef481\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/63077\"\u003e#63077\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/63072\"\u003e#63072\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/63077\"\u003e#63077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(zone.js): refactor tests to remove usage of shelljs (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/64042\"\u003e#64042\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/422a3b9\"\u003e422a3b9\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/64042\"\u003e#64042\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/64042\"\u003e#64042\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBREAKING CHANGE\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIE/Non-Chromium Edge are not supported anymore.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/angular/angular/compare/zone.js-0.15.0...zone.js-0.15.1\"\u003e0.15.1\u003c/a\u003e (2025-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e classes that extend Error should retain cause property (\u003ca href=\"https://redirect.github.com/angular/angular/issues/61599\"\u003e#61599\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/ad8931cb4968b2bd25b05dcd3d856ec32e4d7145\"\u003ead8931c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e more robust check for promise-like objects (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57388\"\u003e#57388\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/e608e6cfbbc9fba7c74bfef72f102a502e951e6c\"\u003ee608e6c\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/57385\"\u003e#57385\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e remove \u003ccode\u003eabort\u003c/code\u003e listener once fetch is settled (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57882\"\u003e#57882\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/69763491c3ffb576822b179af3363ec666d43bce\"\u003e6976349\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/angular/angular/compare/zone.js-0.14.10...zone.js-0.15.0\"\u003e0.15.0\u003c/a\u003e (2024-08-15)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e Add support for addition jest functions. (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57280\"\u003e#57280\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/e1240c6f5d9a3d68ccef7ffbf0a0646ad1164cd8\"\u003ee1240c6\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/57277\"\u003e#57277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e Update the default behavior of fakeAsync to flush after the test (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57240\"\u003e#57240\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/70e8b40750e894bc1439713cd508d8bd9fafb7a4\"\u003e70e8b40\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e \u003ccode\u003efakeAsync\u003c/code\u003e will now flush pending timers at the end of\nthe given function by default. To opt-out of this, you can use \u003ccode\u003e{flush: false}\u003c/code\u003e in options parameter of \u003ccode\u003efakeAsync\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/angular/angular/compare/zone.js-0.14.8...zone.js-0.14.10\"\u003e0.14.10\u003c/a\u003e (2024-08-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/angular/angular/commits/zone.js-0.16.2/packages/zone.js\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~google-wombot\"\u003egoogle-wombot\u003c/a\u003e, a new releaser for zone.js since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/text-encoding-utf-8` from 1.0.1 to 1.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/text-encoding-utf-8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/underscore` from 1.9.4 to 1.13.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/underscore\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `karma-chrome-launcher` from 3.1.0 to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/releases\"\u003ekarma-chrome-launcher's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.1...v3.2.0\"\u003e3.2.0\u003c/a\u003e (2023-04-20)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd process.env.ProgramW6432 as root location for binaries (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/12a73dba261c78fdba4aff4dbb741ac87adfed01\"\u003e12a73db\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.0...v3.1.1\"\u003e3.1.1\u003c/a\u003e (2022-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eartificially trigger a release (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/83fdc3ca5666374c677408ed0589e66b1124bec4\"\u003e83fdc3c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/blob/master/CHANGELOG.md\"\u003ekarma-chrome-launcher's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.1...v3.2.0\"\u003e3.2.0\u003c/a\u003e (2023-04-20)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd process.env.ProgramW6432 as root location for binaries (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/12a73dba261c78fdba4aff4dbb741ac87adfed01\"\u003e12a73db\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.0...v3.1.1\"\u003e3.1.1\u003c/a\u003e (2022-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eartificially trigger a release (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/83fdc3ca5666374c677408ed0589e66b1124bec4\"\u003e83fdc3c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/e92a2b4c19d43fe47a3322a31f72d2a5bfcf77b0\"\u003e\u003ccode\u003ee92a2b4\u003c/code\u003e\u003c/a\u003e chore(release): 3.2.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/12a73dba261c78fdba4aff4dbb741ac87adfed01\"\u003e\u003ccode\u003e12a73db\u003c/code\u003e\u003c/a\u003e feat: add process.env.ProgramW6432 as root location for binaries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/d193ef328ed9cb6474b59137e106cf67319f5262\"\u003e\u003ccode\u003ed193ef3\u003c/code\u003e\u003c/a\u003e build(deps): bump semver-regex from 3.1.3 to 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/d1c05e372a4c3f1c784257f4127bab1ff0460afe\"\u003e\u003ccode\u003ed1c05e3\u003c/code\u003e\u003c/a\u003e build(deps): bump engine.io and karma\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/3f0cd9985703fae99d123530600c248f0df9209a\"\u003e\u003ccode\u003e3f0cd99\u003c/code\u003e\u003c/a\u003e build(deps): bump qs and body-parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/5f3cbb1df8a95ab212c8dbb8ff1f03efbaf9a3c6\"\u003e\u003ccode\u003e5f3cbb1\u003c/code\u003e\u003c/a\u003e chore(release): 3.1.1 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/83fdc3ca5666374c677408ed0589e66b1124bec4\"\u003e\u003ccode\u003e83fdc3c\u003c/code\u003e\u003c/a\u003e fix: artificially trigger a release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/4dc0bd282c9a20e8ebdbbb0b636816959f498195\"\u003e\u003ccode\u003e4dc0bd2\u003c/code\u003e\u003c/a\u003e docs: fix Karma's url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/5400b23199c682bc6bc00739fd6a8d9f6c520bed\"\u003e\u003ccode\u003e5400b23\u003c/code\u003e\u003c/a\u003e docs: explain testing, linting and commit linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/d2ad8c69f7f88e479ac6b40e4e699232d8a675c3\"\u003e\u003ccode\u003ed2ad8c6\u003c/code\u003e\u003c/a\u003e build: disallow \u003ccode\u003echore\u003c/code\u003e type commits\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.0...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sass` from 1.89.2 to 1.100.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sass/dart-sass/releases\"\u003esass's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDart Sass 1.100.0\u003c/h2\u003e\n\u003cp\u003eTo install Sass 1.100.0, download one of the packages below and \u003ca href=\"https://katiek2.github.io/path-doc/\"\u003eadd it to your PATH\u003c/a\u003e, or see \u003ca href=\"https://sass-lang.com/install\"\u003ethe Sass website\u003c/a\u003e for full installation instructions.\u003c/p\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eWriting two compound selectors adjacent to one another without any whitespace between them, such as \u003ccode\u003e[class]a\u003c/code\u003e, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/adjacent-compounds\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#11000\"\u003efull changelog\u003c/a\u003e for changes in earlier releases.\u003c/p\u003e\n\u003ch2\u003eDart Sass 1.99.0\u003c/h2\u003e\n\u003cp\u003eTo install Sass 1.99.0, download one of the packages below and \u003ca href=\"https://katiek2.github.io/path-doc/\"\u003eadd it to your PATH\u003c/a\u003e, or see \u003ca href=\"https://sass-lang.com/install\"\u003ethe Sass website\u003c/a\u003e for full installation instructions.\u003c/p\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for parent selectors (\u003ccode\u003e\u0026amp;\u003c/code\u003e) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Selectors/Nesting_selector#using_outside_nested_rule\"\u003ethe scoping root\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003ecalc\u003c/code\u003e or \u003ccode\u003eclamp\u003c/code\u003e are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in \u003ccode\u003ecalc()\u003c/code\u003e or \u003ccode\u003eclamp()\u003c/code\u003e function.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-expression\u003c/code\u003e, \u003ccode\u003e-url\u003c/code\u003e, \u003ccode\u003e-and\u003c/code\u003e, \u003ccode\u003e-or\u003c/code\u003e, or \u003ccode\u003e-not\u003c/code\u003e are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003eEXPRESSION\u003c/code\u003e, \u003ccode\u003eURL\u003c/code\u003e, and \u003ccode\u003eELEMENT\u003c/code\u003e, those that begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-ELEMENT\u003c/code\u003e, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn a future release, calls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-expression\u003c/code\u003e and \u003ccode\u003e-url\u003c/code\u003e will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCalls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-progid:...\u003c/code\u003e are deprecated.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1990\"\u003efull changelog\u003c/a\u003e for changes in earlier releases.\u003c/p\u003e\n\u003ch2\u003eDart Sass 1.98.0\u003c/h2\u003e\n\u003cp\u003eTo install Sass 1.98.0, download one of the packages below and \u003ca href=\"https://katiek2.github.io/path-doc/\"\u003eadd it to your PATH\u003c/a\u003e, or see \u003ca href=\"https://sass-lang.com/install\"\u003ethe Sass website\u003c/a\u003e for full installation instructions.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sass/dart-sass/blob/main/CHANGELOG.md\"\u003esass's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.100.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eWriting two compound selectors adjacent to one another without any whitespace\nbetween them, such as \u003ccode\u003e[class]a\u003c/code\u003e, is now deprecated. This was always an error\nin CSS and Sass only supported it by mistake.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/adjacent-compounds\"\u003ethe Sass website\u003c/a\u003e for\ndetails.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.99.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for parent selectors (\u003ccode\u003e\u0026amp;\u003c/code\u003e) at the root of the document. These are\nemitted as-is in the CSS output, where they're interpreted as \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Selectors/Nesting_selector#using_outside_nested_rule\"\u003ethe scoping\nroot\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003ecalc\u003c/code\u003e or \u003ccode\u003eclamp\u003c/code\u003e are no longer forbidden. If\nsuch a function exists without a namespace in the current module, it will be\nused instead of the built-in \u003ccode\u003ecalc()\u003c/code\u003e or \u003ccode\u003eclamp()\u003c/code\u003e function.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-expression\u003c/code\u003e,\n\u003ccode\u003e-url\u003c/code\u003e, \u003ccode\u003e-and\u003c/code\u003e, \u003ccode\u003e-or\u003c/code\u003e, or \u003ccode\u003e-not\u003c/code\u003e are no longer forbidden. These were\noriginally intended to match vendor prefixes, but in practice no vendor\nprefixes for these functions ever existed in real browsers.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003eEXPRESSION\u003c/code\u003e, \u003ccode\u003eURL\u003c/code\u003e, and \u003ccode\u003eELEMENT\u003c/code\u003e, those that\nbegin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-ELEMENT\u003c/code\u003e, as well as the same names with some\nlowercase letters are now deprecated, These are names conflict with plain CSS\nfunctions that have special syntax.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn a future release, calls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end\nwith \u003ccode\u003e-expression\u003c/code\u003e and \u003ccode\u003e-url\u003c/code\u003e will no longer have special parsing. For now,\nthese calls are deprecated if their behavior will change in the future.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCalls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-progid:...\u003c/code\u003e are\ndeprecated.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.98.0\u003c/h2\u003e\n\u003ch3\u003eCommand-Line Interface\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGracefully handle dependency loops in \u003ccode\u003e--watch\u003c/code\u003e mode.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/5fd18c75e31a855476059fb6fb0c6aa829292739\"\u003e\u003ccode\u003e5fd18c7\u003c/code\u003e\u003c/a\u003e Bump node engine requirement to \u0026gt;=20.19.0 and chokidar requirement to ^5.0.0 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/8c1d984e420d891c9c92ba1afc8b28e70a2afb78\"\u003e\u003ccode\u003e8c1d984\u003c/code\u003e\u003c/a\u003e Deprecate adjacent compound selectors (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2765\"\u003e#2765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/8e5f7180b4f3de4281d3454090548c03e9db8135\"\u003e\u003ccode\u003e8e5f718\u003c/code\u003e\u003c/a\u003e Bump postcss from 8.5.12 to 8.5.13 in /pkg/sass-parser (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2767\"\u003e#2767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/1447f9b42e89d693ce308bad9cbf8ec3e1db78c4\"\u003e\u003ccode\u003e1447f9b\u003c/code\u003e\u003c/a\u003e Bump postcss from 8.5.8 to 8.5.12 in /pkg/sass-parser (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2766\"\u003e#2766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/83c39fec93ab0dc183a46cff2bc468999ce53e20\"\u003e\u003ccode\u003e83c39fe\u003c/code\u003e\u003c/a\u003e Support the top-level parent selector (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2758\"\u003e#2758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/ec85871864ca16f8045e66ad329bd462e791bfa1\"\u003e\u003ccode\u003eec85871\u003c/code\u003e\u003c/a\u003e Bump EndBug/add-and-commit from 9 to 10 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2756\"\u003e#2756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/a604acd19ad2ce31ef2efe9aa5950b0c5fcc74a9\"\u003e\u003ccode\u003ea604acd\u003c/code\u003e\u003c/a\u003e [Function Name] Implement changes (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2731\"\u003e#2731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/5a81ae3348caab2131ee08c8c0141337420372b5\"\u003e\u003ccode\u003e5a81ae3\u003c/code\u003e\u003c/a\u003e Bump version to 1.98.0 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2754\"\u003e#2754\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/e25e71ddd86b29b6a91f189a1211656081d1932a\"\u003e\u003ccode\u003ee25e71d\u003c/code\u003e\u003c/a\u003e Update immutable to v5.1.5 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2753\"\u003e#2753\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/43fac1a989ce2a9ee66d95d99f739881462ee3a8\"\u003e\u003ccode\u003e43fac1a\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2747\"\u003e#2747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sass/dart-sass/compare/1.89.2...1.100.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for sass since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/elkozmon/zoonavigator/pull/172","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/elkozmon%2Fzoonavigator/issues/172","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/172/packages"}},{"old_version":"1.9.1","new_version":"1.13.8","update_type":"minor","path":null,"pr_created_at":"2026-05-24T03:59:46.000Z","version_change":"1.9.1 → 1.13.8","issue":{"uuid":"4510430553","node_id":"PR_kwDON6Mqlc7euZmm","number":7,"state":"open","title":"Bump the npm_and_yarn group across 19 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T03:59:46.000Z","updated_at":"2026-05-24T04:03:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":16,"packages":[{"name":"bn.js","old_version":"4.11.9","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"underscore","old_version":"1.9.1","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"uuid","old_version":"3.3.2","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"axios","old_version":"0.21.1","new_version":"0.31.1","repository_url":"https://github.com/axios/axios"},{"name":"minimist","old_version":"1.2.5","new_version":"1.2.8","repository_url":"https://github.com/minimistjs/minimist"},{"name":"decode-uri-component","old_version":"0.2.0","new_version":"0.2.2","repository_url":"https://github.com/SamVerschueren/decode-uri-component"},{"name":"tmp","old_version":"0.0.33","new_version":"0.2.5","repository_url":"https://github.com/raszi/node-tmp"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"json-schema","old_version":"0.2.3","new_version":"0.4.0","repository_url":"https://github.com/kriszyp/json-schema"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [uuid](https://github.com/uuidjs/uuid) | `3.3.2` | `14.0.0` |\n| [axios](https://github.com/axios/axios) | `0.21.1` | `0.31.1` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.0.33` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n\nBumps the npm_and_yarn group with 5 updates in the /packages/web3 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/web3-bzz directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [simple-get](https://github.com/feross/simple-get) | `2.8.1` | `2.8.2` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-core-helpers directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.6` | `removed` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-core-subscriptions directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-eth directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-eth-abi directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-eth-ens directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-eth-iban directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 5 updates in the /packages/web3-eth-personal directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-eth2-beaconchain directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ansi-regex](https://github.com/chalk/ansi-regex) | `5.0.0` | `5.0.1` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.5` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [form-data](https://github.com/form-data/form-data) | `2.3.3` | `3.0.4` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 8 updates in the /packages/web3-eth2-core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.1` | `0.31.1` |\n| [ansi-regex](https://github.com/chalk/ansi-regex) | `5.0.0` | `5.0.1` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.5` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [form-data](https://github.com/form-data/form-data) | `2.3.3` | `3.0.4` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-net directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-providers-http directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-providers-ipc directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-providers-ws directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 5 updates in the /packages/web3-shh directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/web3-utils directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [simple-get](https://github.com/feross/simple-get) | `2.8.1` | `2.8.2` |\n\n\nUpdates `bn.js` from 4.11.9 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/39fe4389c773327ed15f29f77f8b7dbbff4beb4c\"\u003e\u003ccode\u003e39fe438\u003c/code\u003e\u003c/a\u003e 4.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6\"\u003e\u003ccode\u003e67ecb35\u003c/code\u003e\u003c/a\u003e backport(4.x): fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c4098bac2470418f8e0f6bf11fe0cb676a2b9047\"\u003e\u003ccode\u003ec4098ba\u003c/code\u003e\u003c/a\u003e 4.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6277fd705e51edae1c404c65f03ba2e512706945\"\u003e\u003ccode\u003e6277fd7\u003c/code\u003e\u003c/a\u003e backport(4.x): Fix imuln/muln with zero (backport of \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ac0d4afaae91701815b9edc19789e44e7690d688\"\u003e\u003ccode\u003eac0d4af\u003c/code\u003e\u003c/a\u003e 4.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/a5f14b43ec61bc7cafc6de2e7444913b9f581b00\"\u003e\u003ccode\u003ea5f14b4\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/0cd2661b9d08512263c940662586042ef8aaccc6\"\u003e\u003ccode\u003e0cd2661\u003c/code\u003e\u003c/a\u003e Remove package-lock.json added by npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/84ae31344a557abb78ddabe3bac923b7503e4fb5\"\u003e\u003ccode\u003e84ae313\u003c/code\u003e\u003c/a\u003e 4.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/967ed0a50a9400bbbd83b450550cf37f7fa178b9\"\u003e\u003ccode\u003e967ed0a\u003c/code\u003e\u003c/a\u003e fix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/61962320d7907a1a4d03a665782cb2733160c907\"\u003e\u003ccode\u003e6196232\u003c/code\u003e\u003c/a\u003e Fix LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.11.9...v4.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.9.1 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.9.1...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jgonggrijp\"\u003ejgonggrijp\u003c/a\u003e, a new releaser for underscore since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 3.3.2 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v3.3.2...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 0.21.1 to 0.31.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.31.1\u003c/h2\u003e\n\u003cp\u003eThis release backports a broad set of security hardenings from the v1 line — covering prototype-pollution defences, stream size enforcement, XSRF handling, URL null-byte encoding, and bounded FormData recursion — and drops committed \u003ccode\u003edist/\u003c/code\u003e artefacts along with Bower support.\u003c/p\u003e\n\u003ch2\u003e⚠️ Breaking Changes \u0026amp; Deprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBower \u0026amp; Committed \u003ccode\u003edist/\u003c/code\u003e Removed:\u003c/strong\u003e \u003ccode\u003edist/\u003c/code\u003e bundles are no longer committed to the repo, and \u003ccode\u003ebower.json\u003c/code\u003e plus the Grunt \u003ccode\u003epackage2bower\u003c/code\u003e task have been removed. CI still builds bundles before publish, so npm/yarn/pnpm consumers are unaffected; installs via Bower or directly from the git tree must migrate to npm or a CDN. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10747\"\u003e#10747\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Header Merge (GHSA-6chq-wfr3-2hj9):\u003c/strong\u003e Tightened \u003ccode\u003eisFormData\u003c/code\u003e to reject plain/null-prototype objects and require \u003ccode\u003eappend\u003c/code\u003e, and guarded the Node HTTP adapter so \u003ccode\u003edata.getHeaders()\u003c/code\u003e is only merged when it is not inherited from \u003ccode\u003eObject.prototype\u003c/code\u003e. Blocks injected headers via polluted \u003ccode\u003egetHeaders\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10750\"\u003e#10750\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Config Merging (GHSA-pf86-5x62-jrwf):\u003c/strong\u003e \u003ccode\u003emergeConfig\u003c/code\u003e, defaults resolution, and the HTTP adapter now uses own-property checks for \u003ccode\u003etransport\u003c/code\u003e, \u003ccode\u003eenv\u003c/code\u003e, \u003ccode\u003eBlob\u003c/code\u003e, \u003ccode\u003eformSerializer\u003c/code\u003e, and transforms arrays, and merged configs are returned as null-prototype objects. Prevents hijacking of the request flow through polluted prototypes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10752\"\u003e#10752\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFormData / Params Recursion DoS:\u003c/strong\u003e Added a configurable \u003ccode\u003emaxDepth\u003c/code\u003e (default \u003ccode\u003e100\u003c/code\u003e, \u003ccode\u003eInfinity\u003c/code\u003e disables) to \u003ccode\u003etoFormData\u003c/code\u003e and params serialisation, throwing \u003ccode\u003eAxiosError\u003c/code\u003e with code \u003ccode\u003eERR_FORM_DATA_DEPTH_EXCEEDED\u003c/code\u003e when exceeded. Circular-reference detection is preserved. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10728\"\u003e#10728\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNull-Byte Injection in Query Strings:\u003c/strong\u003e Removed the unsafe \u003ccode\u003e%00\u003c/code\u003e → null-byte substitution from \u003ccode\u003eAxiosURLSearchParams.encode\u003c/code\u003e so \u003ccode\u003e%00\u003c/code\u003e is preserved as-is. Other encoding behaviour (including \u003ccode\u003e%20\u003c/code\u003e → \u003ccode\u003e+\u003c/code\u003e) unchanged. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10737\"\u003e#10737\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConsolidated v1 Security Backport:\u003c/strong\u003e Rolls up remaining v1 hardenings into \u003ccode\u003ev0.x\u003c/code\u003e: \u003ccode\u003emaxContentLength\u003c/code\u003e enforcement for \u003ccode\u003eresponseType: 'stream'\u003c/code\u003e via a guarded transform with deferred piping, \u003ccode\u003emaxBodyLength\u003c/code\u003e enforcement for streamed uploads on native \u003ccode\u003ehttp\u003c/code\u003e/\u003ccode\u003ehttps\u003c/code\u003e with \u003ccode\u003emaxRedirects: 0\u003c/code\u003e, and stricter \u003ccode\u003ewithXSRFToken\u003c/code\u003e handling so only own boolean \u003ccode\u003etrue\u003c/code\u003e enables cross-origin XSRF headers. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10764\"\u003e#10764\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCODEOWNERS:\u003c/strong\u003e Added \u003ccode\u003e.github/CODEOWNERS\u003c/code\u003e with \u003ccode\u003e* @jasonsaayman\u003c/code\u003e to set a default reviewer for all paths. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10740\"\u003e#10740\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.31.0...v0.31.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.31.0\u003c/h2\u003e\n\u003cp\u003eThis release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and \u003ccode\u003ezizmor\u003c/code\u003e scanning, resolves TypeScript typing issues in \u003ccode\u003eAxiosInstance\u003c/code\u003e, and fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection \u0026amp; Proxy Bypass:\u003c/strong\u003e Backports v1 security hardening — sanitizes outgoing header values to strip invalid bytes, CRLF sequences, and boundary whitespace (including array values); adds proper \u003ccode\u003eNO_PROXY\u003c/code\u003e/\u003ccode\u003eno_proxy\u003c/code\u003e enforcement covering wildcards, explicit ports, loopback aliases (\u003ccode\u003elocalhost\u003c/code\u003e, \u003ccode\u003e127.0.0.1\u003c/code\u003e, \u003ccode\u003e::1\u003c/code\u003e), bracketed IPv6, and trailing-dot hostnames. Proxy bypass is now checked before the proxy URL is parsed, and \u003ccode\u003eparsed.host\u003c/code\u003e is used for correct port and IPv6 handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10688\"\u003e#10688\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCI Security:\u003c/strong\u003e SHA-pins all actions and disables credential persistence in v0.x CI, introduces \u003ccode\u003ezizmor\u003c/code\u003e security scanning with SARIF upload to code scanning, adds an OIDC Trusted Publishing workflow with npm provenance attestations, and gates all publishes behind a required \u003ccode\u003enpm-publish\u003c/code\u003e GitHub Environment with configurable reviewer protections. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10638\"\u003e#10638\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10639\"\u003e#10639\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10667\"\u003e#10667\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eTypeScript — \u003ccode\u003eAxiosInstance\u003c/code\u003e Return Types:\u003c/strong\u003e Fixes return types in \u003ccode\u003eAxiosInstance\u003c/code\u003e methods to correctly resolve to \u003ccode\u003ePromise\u0026lt;R\u0026gt;\u003c/code\u003e (matching \u003ccode\u003eAxiosPromise\u0026lt;T\u0026gt;\u003c/code\u003e semantics), and corrects the generic call signature so TypeScript properly enforces the response data type. TypeScript-only changes; no runtime impact. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6253\"\u003e#6253\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7328\"\u003e#7328\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance:\u003c/strong\u003e Fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e that caused excessive computation when the argument was a large string. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6484\"\u003e#6484\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eVersioning \u0026amp; CI Workflow:\u003c/strong\u003e Adds an automated versioning flow for v0.x, renames the CI workflow for consistency with the v1.x naming convention, and corrects the branch name reference in CI config. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10690\"\u003e#10690\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10691\"\u003e#10691\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10692\"\u003e#10692\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/nakataki17\"\u003e\u003ccode\u003e@​nakataki17\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6253\"\u003e#6253\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/gmasclet\"\u003e\u003ccode\u003e@​gmasclet\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6484\"\u003e#6484\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10638\"\u003e#10638\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10639\"\u003e#10639\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10667\"\u003e#10667\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ivan-churakov\"\u003e\u003ccode\u003e@​ivan-churakov\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7328\"\u003e#7328\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.30.3...v0.31.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/a589dc525af12e0fabef7d6e5be028ad433eee31\"\u003e\u003ccode\u003ea589dc5\u003c/code\u003e\u003c/a\u003e chore: bump version to v0.31.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10766\"\u003e#10766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b0c632f36a5ea2e73c9bdf3a54164a8ede925736\"\u003e\u003ccode\u003eb0c632f\u003c/code\u003e\u003c/a\u003e fix: backport security issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10764\"\u003e#10764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b52187f4571b6b8663fed5904e3082ab30660364\"\u003e\u003ccode\u003eb52187f\u003c/code\u003e\u003c/a\u003e fix: harden config merging (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10752\"\u003e#10752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e3ddeb40f6a142a234925341151e2ca631a6de64\"\u003e\u003ccode\u003ee3ddeb4\u003c/code\u003e\u003c/a\u003e fix: header security issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10750\"\u003e#10750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f4f2d76e25cc0f777e5416e2d76282ab873ef9dc\"\u003e\u003ccode\u003ef4f2d76\u003c/code\u003e\u003c/a\u003e chore: stop committing dist/ and remove bower (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10747\"\u003e#10747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1f2f64433e5be205d74471c78c2721909282b9c0\"\u003e\u003ccode\u003e1f2f644\u003c/code\u003e\u003c/a\u003e chore: add CODEOWNERS (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10740\"\u003e#10740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44bca902e1bdd7dd6490c7b4985b63e729b0e634\"\u003e\u003ccode\u003e44bca90\u003c/code\u003e\u003c/a\u003e fix: improve regex in AxiosURLSearchParams (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10737\"\u003e#10737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4c4f07fabdb005f5430bab797f12b55e2ed5fb33\"\u003e\u003ccode\u003e4c4f07f\u003c/code\u003e\u003c/a\u003e fix: form data recursion (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10728\"\u003e#10728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5073eca0edd37b13a0e39dcb48794d779b7dff8d\"\u003e\u003ccode\u003e5073eca\u003c/code\u003e\u003c/a\u003e chore: release v0.31.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10697\"\u003e#10697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b57eb1a93214c9d6840035add0cc705fa9d6d697\"\u003e\u003ccode\u003eb57eb1a\u003c/code\u003e\u003c/a\u003e ci: update branch name (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10692\"\u003e#10692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v0.21.1...v0.31.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimist` from 1.2.5 to 1.2.8\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md\"\u003eminimist's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.7...v1.2.8\"\u003ev1.2.8\u003c/a\u003e - 2023-02-09\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/17\"\u003e\u003ccode\u003e[#17](https://github.com/minimistjs/minimist/issues/17)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/12\"\u003e\u003ccode\u003e[#12](https://github.com/minimistjs/minimist/issues/12)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/10\"\u003e\u003ccode\u003e[#10](https://github.com/minimistjs/minimist/issues/10)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/17\"\u003e#17\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/15\"\u003e\u003ccode\u003e[#15](https://github.com/minimistjs/minimist/issues/15)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/12\"\u003e#12\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/8\"\u003e\u003ccode\u003e[#8](https://github.com/minimistjs/minimist/issues/8)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/15\"\u003e\u003ccode\u003e[#15](https://github.com/minimistjs/minimist/issues/15)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/10\"\u003e#10\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/9\"\u003e\u003ccode\u003e[#9](https://github.com/minimistjs/minimist/issues/9)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Fix handling of short option with non-trivial equals \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/5\"\u003e\u003ccode\u003e[#5](https://github.com/minimistjs/minimist/issues/5)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/8\"\u003e\u003ccode\u003e[#8](https://github.com/minimistjs/minimist/issues/8)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/9\"\u003e\u003ccode\u003e[#9](https://github.com/minimistjs/minimist/issues/9)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMerge tag 'v0.2.3' \u003ca href=\"https://github.com/minimistjs/minimist/commit/a0267947c7870fc5847cf2d437fbe33f392767da\"\u003e\u003ccode\u003ea026794\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] fix indentation and whitespace \u003ca href=\"https://github.com/minimistjs/minimist/commit/5368ca4147e974138a54cc0dc4cea8f756546b70\"\u003e\u003ccode\u003e5368ca4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] fix indentation and whitespace \u003ca href=\"https://github.com/minimistjs/minimist/commit/e5f5067259ceeaf0b098d14bec910f87e58708c7\"\u003e\u003ccode\u003ee5f5067\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] more cleanup \u003ca href=\"https://github.com/minimistjs/minimist/commit/62fde7d935f83417fb046741531a9e2346a36976\"\u003e\u003ccode\u003e62fde7d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] more cleanup \u003ca href=\"https://github.com/minimistjs/minimist/commit/36ac5d0d95e4947d074e5737d94814034ca335d1\"\u003e\u003ccode\u003e36ac5d0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/73923d223553fca08b1ba77e3fbc2a492862ae4c\"\u003e\u003ccode\u003e73923d2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[actions] add reusable workflows \u003ca href=\"https://github.com/minimistjs/minimist/commit/d80727df77bfa9e631044d7f16368d8f09242c91\"\u003e\u003ccode\u003ed80727d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] add eslint; rules to enable later are warnings \u003ca href=\"https://github.com/minimistjs/minimist/commit/48bc06a1b41f00e9cdf183db34f7a51ba70e98d4\"\u003e\u003ccode\u003e48bc06a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] fix indentation \u003ca href=\"https://github.com/minimistjs/minimist/commit/34b0f1ccaa45183c3c4f06a91f9b405180a6f982\"\u003e\u003ccode\u003e34b0f1c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] rename and add badges \u003ca href=\"https://github.com/minimistjs/minimist/commit/5df0fe49211bd09a3636f8686a7cb3012c3e98f0\"\u003e\u003ccode\u003e5df0fe4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] switch from \u003ccode\u003ecovert\u003c/code\u003e to \u003ccode\u003enyc\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/a48b128fdb8d427dfb20a15273f83e38d97bef07\"\u003e\u003ccode\u003ea48b128\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ecovert\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e; remove unnecessary \u003ccode\u003etap\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/f0fb958e9a1fe980cdffc436a211b0bda58f621b\"\u003e\u003ccode\u003ef0fb958\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] create FUNDING.yml; add \u003ccode\u003efunding\u003c/code\u003e in package.json \u003ca href=\"https://github.com/minimistjs/minimist/commit/3639e0c819359a366387e425ab6eabf4c78d3caa\"\u003e\u003ccode\u003e3639e0c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] use \u003ccode\u003enpmignore\u003c/code\u003e to autogenerate an npmignore file \u003ca href=\"https://github.com/minimistjs/minimist/commit/be2e038c342d8333b32f0fde67a0026b79c8150e\"\u003e\u003ccode\u003ebe2e038\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/minimistjs/minimist/commit/282b570e7489d01b03f2d6d3dabf79cd3e5f84cf\"\u003e\u003ccode\u003e282b570\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eisConstructorOrProto adapted from PR \u003ca href=\"https://github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11\"\u003e\u003ccode\u003eef9153f\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eaud\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/098873c213cdb7c92e55ae1ef5aa1af3a8192a79\"\u003e\u003ccode\u003e098873c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eaud\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/3124ed3e46306301ebb3c834874ce0241555c2c4\"\u003e\u003ccode\u003e3124ed3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/4b927de696d561c636b4f43bf49d4597cb36d6d6\"\u003e\u003ccode\u003e4b927de\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add \u003ccode\u003eaud\u003c/code\u003e in \u003ccode\u003eposttest\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/b32d9bd0ab340f4e9f8c3a97ff2a4424f25fab8c\"\u003e\u003ccode\u003eb32d9bd\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] update repo URLs \u003ca href=\"https://github.com/minimistjs/minimist/commit/f9fdfc032c54884d9a9996a390c63cd0719bbe1a\"\u003e\u003ccode\u003ef9fdfc0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[actions] Avoid 0.6 tests due to build failures \u003ca href=\"https://github.com/minimistjs/minimist/commit/ba92fe6ebbdc0431cca9a2ea8f27beb492f5e4ec\"\u003e\u003ccode\u003eba92fe6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003etape\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/950eaa74f112e04d23e9c606c67472c46739b473\"\u003e\u003ccode\u003e950eaa7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] add missing \u003ccode\u003enpmignore\u003c/code\u003e dev dep \u003ca href=\"https://github.com/minimistjs/minimist/commit/3226afaf09e9d127ca369742437fe6e88f752d6b\"\u003e\u003ccode\u003e3226afa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMerge tag 'v0.2.2' \u003ca href=\"https://github.com/minimistjs/minimist/commit/980d7ac61a0b4bd552711251ac107d506b23e41f\"\u003e\u003ccode\u003e980d7ac\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.6...v1.2.7\"\u003ev1.2.7\u003c/a\u003e - 2022-10-10\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/6901ee286bc4c16da6830b48b46ce1574703cea1\"\u003e\u003ccode\u003e6901ee2\u003c/code\u003e\u003c/a\u003e v1.2.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/a0267947c7870fc5847cf2d437fbe33f392767da\"\u003e\u003ccode\u003ea026794\u003c/code\u003e\u003c/a\u003e Merge tag 'v0.2.3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/c0b26618322e94adea26c68e613ef0be482c6c63\"\u003e\u003ccode\u003ec0b2661\u003c/code\u003e\u003c/a\u003e v0.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/63b8fee87b8e7a003216d5d77ba5d6decf3cfb0d\"\u003e\u003ccode\u003e63b8fee\u003c/code\u003e\u003c/a\u003e [Fix] Fix long option followed by single dash (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/17\"\u003e#17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/72239e6f0ea77d8be0ad4f682b7ae7d142144395\"\u003e\u003ccode\u003e72239e6\u003c/code\u003e\u003c/a\u003e [Tests] Remove duplicate test (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/34b0f1ccaa45183c3c4f06a91f9b405180a6f982\"\u003e\u003ccode\u003e34b0f1c\u003c/code\u003e\u003c/a\u003e [eslint] fix indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/3226afaf09e9d127ca369742437fe6e88f752d6b\"\u003e\u003ccode\u003e3226afa\u003c/code\u003e\u003c/a\u003e [Dev Deps] add missing \u003ccode\u003enpmignore\u003c/code\u003e dev dep\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/098873c213cdb7c92e55ae1ef5aa1af3a8192a79\"\u003e\u003ccode\u003e098873c\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eaud\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/9ec4d279ced72ea2f60237218e71cc03aa0dfdd6\"\u003e\u003ccode\u003e9ec4d27\u003c/code\u003e\u003c/a\u003e [Fix] Fix long option followed by single dash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/ba92fe6ebbdc0431cca9a2ea8f27beb492f5e4ec\"\u003e\u003ccode\u003eba92fe6\u003c/code\u003e\u003c/a\u003e [actions] Avoid 0.6 tests due to build failures\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.5...v1.2.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for minimist since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decode-uri-component` from 0.2.0 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/releases\"\u003edecode-uri-component's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent overwriting previously decoded tokens  980e0bf\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2\"\u003ehttps://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to GitHub workflows  76abc93\u003c/li\u003e\n\u003cli\u003eFix issue where decode throws - fixes \u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/6\"\u003e#6\u003c/a\u003e  746ca5d\u003c/li\u003e\n\u003cli\u003eUpdate license (\u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/1\"\u003e#1\u003c/a\u003e)  486d7e2\u003c/li\u003e\n\u003cli\u003eTidelift tasks  a650457\u003c/li\u003e\n\u003cli\u003eMeta tweaks  66e1c28\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1\"\u003ehttps://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/a0eea469d26eb0df668b081672cdb9581feb78eb\"\u003e\u003ccode\u003ea0eea46\u003c/code\u003e\u003c/a\u003e 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/980e0bf09b64d94f1aa79012f895816c30ffd152\"\u003e\u003ccode\u003e980e0bf\u003c/code\u003e\u003c/a\u003e Prevent overwriting previously decoded tokens\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/3c8a373dd4837e89b3f970e01295dd03e1405a33\"\u003e\u003ccode\u003e3c8a373\u003c/code\u003e\u003c/a\u003e 0.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/76abc939783fe3900fadb7d384a74d324d5557f3\"\u003e\u003ccode\u003e76abc93\u003c/code\u003e\u003c/a\u003e Switch to GitHub workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/746ca5dcb6667c5d364e782d53c542830e4c10b9\"\u003e\u003ccode\u003e746ca5d\u003c/code\u003e\u003c/a\u003e Fix issue where decode throws - fixes \u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/6\"\u003e#6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/486d7e26d3a8c0fbe860fb651fe1bc98c2f2be30\"\u003e\u003ccode\u003e486d7e2\u003c/code\u003e\u003c/a\u003e Update license (\u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/1\"\u003e#1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/a65045724e6234acef87f31da499d4807b20b134\"\u003e\u003ccode\u003ea650457\u003c/code\u003e\u003c/a\u003e Tidelift tasks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/66e1c2834c0e189201cb65196ec3101372459b02\"\u003e\u003ccode\u003e66e1c28\u003c/code\u003e\u003c/a\u003e Meta tweaks\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.0.33 to 0.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md\"\u003etmp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2 (2024-02-28)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/278\"\u003e#278\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/268\"\u003e#268\u003c/a\u003e: Revert \u0026quot;fix \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/246\"\u003e#246\u003c/a\u003e: remove any double quotes or single quotes… (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/279\"\u003e#279\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/266\"\u003e#266\u003c/a\u003e: move paragraph on graceful cleanup to the head of the documentation (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 5\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDave Nicolson (\u003ca href=\"https://github.com/dnicolson\"\u003e\u003ccode\u003e@​dnicolson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKARASZI István (\u003ca href=\"https://github.com/raszi\"\u003e\u003ccode\u003e@​raszi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaxime Bargiel (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/robertoaceves\"\u003e\u003ccode\u003e@​robertoaceves\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.2.1 (2020-04-28)\u003c/h2\u003e\n\u003ch4\u003e:rocket: Enhancement\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/252\"\u003e#252\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/250\"\u003e#250\u003c/a\u003e: introduce tmpdir option for overriding the system tmp dir (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/253\"\u003e#253\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/191\"\u003e#191\u003c/a\u003e: generate changelog from pull requests using lerna-changelog (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.2.0 (2020-04-25)\u003c/h2\u003e\n\u003ch4\u003e:rocket: Enhancement\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/234\"\u003e#234\u003c/a\u003e feat: stabilize tmp for v0.2.0 release (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/231\"\u003e#231\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/230\"\u003e#230\u003c/a\u003e: regression after fix for \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/197\"\u003e#197\u003c/a\u003e (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/220\"\u003e#220\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/197\"\u003e#197\u003c/a\u003e: return sync callback when using the sync interface, otherwise return the async callback (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/193\"\u003e#193\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/192\"\u003e#192\u003c/a\u003e: tmp must not exit the process on its own (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/221\"\u003e#221\u003c/a\u003e Gh 206 document name option (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/226\"\u003e#226\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/212\"\u003e#212\u003c/a\u003e: enable direct name option test (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/225\"\u003e#225\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/211\"\u003e#211\u003c/a\u003e: existing tests must clean up after themselves (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/224\"\u003e#224\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/217\"\u003e#217\u003c/a\u003e: name tests must use tmpName (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/223\"\u003e#223\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/214\"\u003e#214\u003c/a\u003e: refactor tests and lib (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/198\"\u003e#198\u003c/a\u003e Update dependencies to latest versions (\u003ca href=\"https://github.com/matsev\"\u003e\u003ccode\u003e@​matsev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/1cf4ec54180a77a2a95dc1941efa1659774c8787\"\u003e\u003ccode\u003e1cf4ec5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b\"\u003e\u003ccode\u003e188b25e\u003c/code\u003e\u003c/a\u003e Fix GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/73b9fe45bbb40157acdfab8126dd0911de91c8fa\"\u003e\u003ccode\u003e73b9fe4\u003c/code\u003e\u003c/a\u003e Add test case for GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b8e2f29a7575352e49e4882a836aab4bd2ec927f\"\u003e\u003ccode\u003eb8e2f29\u003c/code\u003e\u003c/a\u003e Remove broken tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/2892a027b4d2d3a25d1d08a398bc108a0200857f\"\u003e\u003ccode\u003e2892a02\u003c/code\u003e\u003c/a\u003e Remove outdated URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/f5923182461a89e9de5a7a09c75f410a76979ae7\"\u003e\u003ccode\u003ef592318\u003c/code\u003e\u003c/a\u003e Reformat package.json\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.0.33...v0.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.13.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/37caaad57dc37d350d9a4577a5da53f482bb2983\"\u003e\u003ccode\u003e37caaad\u003c/code\u003e\u003c/a\u003e 3.14.1 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/094c0f7a79e6ff9e2b4d50b22686d2586894b58f\"\u003e\u003ccode\u003e094c0f7\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9586ebe23298427d26b3479979bd6499bf3a14c2\"\u003e\u003ccode\u003e9586ebe\u003c/code\u003e\u003c/a\u003e Avoid calling hasOwnProperty of user-controlled objects\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/34e5072f43fd36b08aaaad433da73c10d47c41e5\"\u003e\u003ccode\u003e34e5072\u003c/code\u003e\u003c/a\u003e 3.14.0 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/7b25c83a6dc77097c2bf14bf714e168f60ee199b\"\u003e\u003ccode\u003e7b25c83\u003c/code\u003e\u003c/a\u003e Browser files rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/6f7347396867b8dcfc042722c2aae810dfe4caae\"\u003e\u003ccode\u003e6f73473\u003c/code\u003e\u003c/a\u003e Dev deps bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/0c293491d903cddcd41b41c165bc45eeb9a8d720\"\u003e\u003ccode\u003e0c29349\u003c/code\u003e\u003c/a\u003e Travis-CI: drop old nodejs versions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.13.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `json-schema` from 0.2.3 to 0.4.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa\"\u003e\u003ccode\u003ef6f6a3b\u003c/code\u003e\u003c/a\u003e Use a little more robust method of checking instances\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/ef60987a9a14b9d9c739384460044ba53cd9b9a2\"\u003e\u003ccode\u003eef60987\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a\"\u003e\u003ccode\u003eb62f1da\u003c/code\u003e\u003c/a\u003e Protect against constructor modification, \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/84\"\u003e#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/fb427cd4d175684786e4b2538718e72453e825e9\"\u003e\u003ccode\u003efb427cd\u003c/code\u003e\u003c/a\u003e Link to json-schema-org repository in addition to site, fixes \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/54\"\u003e#54\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741\"\u003e\u003ccode\u003e22f1461\u003c/code\u003e\u003c/a\u003e Don't allow \u003cstrong\u003eproto\u003c/strong\u003e property to be used for schema default/coerce, fixes \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/84\"\u003e#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/c52a27c653428149e4f9fb776d5e110d04639a9c\"\u003e\u003ccode\u003ec52a27c\u003c/code\u003e\u003c/a\u003e Get basic test to pass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/b3f42b3331608fe83b6cc267c5fc513ec1b839ed\"\u003e\u003ccode\u003eb3f42b3\u003c/code\u003e\u003c/a\u003e Add security policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/3b0cec3042a5aac5c967fd43475f5edc4c5b6eff\"\u003e\u003ccode\u003e3b0cec3\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/c28470f2d64bace29c73d140f9c6876e3c3a9fef\"\u003e\u003ccode\u003ec28470f\u003c/code\u003e\u003c/a\u003e Update readme to acknowledge the state of the package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/7dff9cd2c35c31ff3c43fa4e38737c94283dd3d3\"\u003e\u003ccode\u003e7dff9cd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/81\"\u003e#81\u003c/a\u003e from hodovani/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kriszyp/json-schema/compare/v0.2.3...v0.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimist` from 1.2.5 to 1.2.8\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md\"\u003eminimist's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.7...v1.2.8\"\u003ev1.2.8\u003c/a\u003e - 2023-02-09\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/17\"\u003e\u003ccode\u003e[#17](https://github.com/minimistjs/minimist/issues/17)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/12\"\u003e\u003ccode\u003e[#12](https://github.com/minimistjs/minimist/issues/12)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/10\"\u003e\u003ccode\u003e[#10](https://github.com/minimistjs/minimist/issues/10)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/17\"\u003e#17\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/15\"\u003e\u003ccode\u003e[#15](https://github.com/minimistjs/minimist/issues/15)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/12\"\u003e#12\u003c/a\u003e) \u003ca href=\"https://...\n\n_Description has been truncated_\n\u003c!-- devin-review-badge-begin --\u003e\n\n---\n\n\u003ca href=\"https://app.devin.ai/review/cyptopimpinainteazy/dextoolsweb3.js/pull/7\" target=\"_blank\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1\"\u003e\n    \u003cimg src=\"https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1\" alt=\"Open in Devin Review\"\u003e\n  \u003c/picture\u003e\n\u003c/a\u003e\n\u003c!-- devin-review-badge-end --\u003e\n\n\u003c!-- RECURSEML_SUMMARY:START --\u003e\n## High-level PR Summary\nThis PR updates 16 npm packages across 19 directories in a monorepo to address security vulnerabilities and improve dependency versions. Key updates include `underscore` (1.9.1 → 1.13.8), `uuid` (3.3.2 → 14.0.0), `axios` (0.21.1 → 0.31.1), `bn.js` (4.11.9 → 4.12.3), `minimist` (1.2.5 → 1.2.8), `decode-uri-component` (0.2.0 → 0.2.2), `tmp` (0.0.33/0.2.1 → 0.2.5), `js-yaml` (3.13.1/3.14.1 → 3.14.2), and `json-schema` (0.2.3 → 0.4.0). Several development dependencies including `karma`, `lerna`, and `mocha` are also upgraded in the root package. Some packages have `underscore` removed as a direct dependency where appropriate.\n\n⏱️ Estimated Review Time: 30-90 minutes\n\n\u003cdetails\u003e\n\u003csummary\u003e💡 Review Order Suggestion\u003c/summary\u003e\n\n| Order | File Path |\n|-------|-----------|\n| 1 | `package.json` |\n| 2 | `package-lock.json` |\n| 3 | `packages/web3-eth2-core/package.json` |\n| 4 | `packages/web3-eth-accounts/package.json` |\n| 5 | `packages/web3-bzz/package.json` |\n| 6 | `packages/web3-core-helpers/package.json` |\n| 7 | `packages/web3-core-method/package.json` |\n| 8 | `packages/web3-core-requestmanager/package.json` |\n| 9 | `packages/web3-core-requestmanager/package-lock.json` |\n| 10 | `packages/web3-core-subscriptions/package.json` |\n| 11 | `packages/web3-eth-abi/package.json` |\n| 12 | `packages/web3-eth-ens/package.json` |\n| 13 | `packages/web3-eth-iban/package.json` |\n| 14 | `packages/web3-eth-contract/package.json` |\n| 15 | `packages/web3-eth/package.json` |\n| 16 | `packages/web3-providers-ipc/package.json` |\n| 17 | `packages/web3-providers-ws/package.json` |\n| 18 | `packages/web3-providers-http/package.json` |\n| 19 | `packages/web3-utils/package.json` |\n| 20 | `packages/web3-net/package.json` |\n| 21 | `packages/web3-core/package.json` |\n| 22 | `packages/web3-bzz/package-lock.json` |\n| 23 | `packages/web3-core-helpers/package-lock.json` |\n| 24 | `packages/web3-core-subscriptions/package-lock.json` |\n| 25 | `packages/web3-core/package-lock.json` |\n| 26 | `packages/web3-eth-abi/package-lock.json` |\n| 27 | `packages/web3-eth-accounts/package-lock.json` |\n| 28 | `packages/web3-eth-contract/package-lock.json` |\n| 29 | `packages/web3-eth-ens/package-lock.json` |\n| 30 | `packages/web3-eth-iban/package-lock.json` |\n| 31 | `packages/web3-eth-personal/package-lock.json` |\n| 32 | `packages/web3-eth2-beaconchain/package-lock.json` |\n| 33 | `packages/web3-eth2-core/package-lock.json` |\n| 34 | `packages/web3-eth/package-lock.json` |\n| 35 | `packages/web3-net/package-lock.json` |\n| 36 | `packages/web3-providers-http/package-lock.json` |\n| 37 | `packages/web3-providers-ipc/package-lock.json` |\n| 38 | `packages/web3-providers-ws/package-lock.json` |\n| 39 | `packages/web3-shh/package-lock.json` |\n| 40 | `packages/web3-utils/package-lock.json` |\n| 41 | `packages/web3/package-lock.json` |\n\u003c/details\u003e\n\n\n\n[![Need help? Join our Discord](https://img.shields.io/badge/Need%20help%3F%20Join%20our%20Discord-5865F2?style=plastic\u0026logo=discord\u0026logoColor=white)](https://discord.gg/n3SsVDAW6U)\n\n\u003c!-- RECURSEML_SUMMARY:END --\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate third-party deps across the monorepo to pick up security fixes and modernize tooling. Key bumps include `underscore@1.13.8`, `axios@0.31.1`, `bn.js@4.12.3`, and `uuid@14.0.0`, plus some `web3-*` packages now target `1.10.x`.\n\n- **Dependencies**\n  - Security: `axios@0.31.1`, `js-yaml@3.14.2`, `json-schema@0.4.0`, `minimist@1.2.8`, `decode-uri-component@0.2.2`.\n  - Libs: `underscore@1.13.8`, `bn.js@4.12.3`, `min-document@2.19.2`, `simple-get@2.8.2`.\n  - Tooling: `karma@6.4.4`, `lerna@9.0.7`, `mocha@11.7.6`.\n  - Internal alignment: some modules now depend on `web3-core(-helpers|-method|-requestmanager)@1.10.3` and `web3-utils@1.10.4`.\n\n- **Migration**\n  - `uuid@14` requires Node 20+ and a global `crypto`. Use ESM import: `import { v4 as uuidv4 } from 'uuid'`. If you must stay on Node \u003c20 or CommonJS, pin to an earlier `uuid` or add a polyfill.\n  - Ensure CI/runtime uses Node 20+ where `uuid` is used.\n  - Verify consumers are compatible with the `web3-*` `1.10.x` dependencies to avoid version mismatches.\n\n\u003csup\u003eWritten for commit 4b49a421c6cc241b527b823229eaef5eb724db0b. Summary will update on new commits. \u003ca href=\"https://cubic.dev/pr/Cyptopimpinainteazy/DEXTOOLSweb3.js/pull/7?utm_source=github\"\u003eReview in cubic\u003c/a\u003e\u003c/sup\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/Cyptopimpinainteazy/DEXTOOLSweb3.js/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyptopimpinainteazy%2FDEXTOOLSweb3.js/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"1.9.1","new_version":"1.13.8","update_type":"minor","path":null,"pr_created_at":"2026-05-24T03:58:09.000Z","version_change":"1.9.1 → 1.13.8","issue":{"uuid":"4510426467","node_id":"PR_kwDON6Mqlc7euYzN","number":6,"state":"closed","title":"Bump the npm_and_yarn group across 18 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-24T03:59:51.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-24T03:58:09.000Z","updated_at":"2026-05-24T04:01:52.000Z","time_to_close":102,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":16,"packages":[{"name":"bn.js","old_version":"4.11.9","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"underscore","old_version":"1.9.1","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"uuid","old_version":"3.3.2","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"axios","old_version":"0.21.1","new_version":"0.31.1","repository_url":"https://github.com/axios/axios"},{"name":"minimist","old_version":"1.2.5","new_version":"1.2.8","repository_url":"https://github.com/minimistjs/minimist"},{"name":"decode-uri-component","old_version":"0.2.0","new_version":"0.2.2","repository_url":"https://github.com/SamVerschueren/decode-uri-component"},{"name":"tmp","old_version":"0.0.33","new_version":"0.2.5","repository_url":"https://github.com/raszi/node-tmp"},{"name":"js-yaml","old_version":"3.13.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"json-schema","old_version":"0.2.3","new_version":"0.4.0","repository_url":"https://github.com/kriszyp/json-schema"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [uuid](https://github.com/uuidjs/uuid) | `3.3.2` | `14.0.0` |\n| [axios](https://github.com/axios/axios) | `0.21.1` | `0.31.1` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.0.33` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.13.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n\nBumps the npm_and_yarn group with 5 updates in the /packages/web3 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/web3-bzz directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [simple-get](https://github.com/feross/simple-get) | `2.8.1` | `2.8.2` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-core-helpers directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.6` | `removed` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-core-subscriptions directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-eth directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-eth-abi directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-eth-ens directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-eth-iban directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 5 updates in the /packages/web3-eth-personal directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 7 updates in the /packages/web3-eth2-beaconchain directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ansi-regex](https://github.com/chalk/ansi-regex) | `5.0.0` | `5.0.1` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.5` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [form-data](https://github.com/form-data/form-data) | `2.3.3` | `3.0.4` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 8 updates in the /packages/web3-eth2-core directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `0.21.1` | `0.31.1` |\n| [ansi-regex](https://github.com/chalk/ansi-regex) | `5.0.0` | `5.0.1` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.5` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [form-data](https://github.com/form-data/form-data) | `2.3.3` | `3.0.4` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-net directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-providers-http directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `removed` |\n\nBumps the npm_and_yarn group with 6 updates in the /packages/web3-providers-ws directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 5 updates in the /packages/web3-shh directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n\nBumps the npm_and_yarn group with 10 updates in the /packages/web3-utils directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [bn.js](https://github.com/indutny/bn.js) | `4.11.9` | `4.12.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` |\n| [minimist](https://github.com/minimistjs/minimist) | `1.2.5` | `1.2.8` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.2.1` | `0.2.5` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [min-document](https://github.com/Raynos/min-document) | `2.19.0` | `2.19.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.5` |\n| [simple-get](https://github.com/feross/simple-get) | `2.8.1` | `2.8.2` |\n\n\nUpdates `bn.js` from 4.11.9 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/39fe4389c773327ed15f29f77f8b7dbbff4beb4c\"\u003e\u003ccode\u003e39fe438\u003c/code\u003e\u003c/a\u003e 4.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6\"\u003e\u003ccode\u003e67ecb35\u003c/code\u003e\u003c/a\u003e backport(4.x): fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c4098bac2470418f8e0f6bf11fe0cb676a2b9047\"\u003e\u003ccode\u003ec4098ba\u003c/code\u003e\u003c/a\u003e 4.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6277fd705e51edae1c404c65f03ba2e512706945\"\u003e\u003ccode\u003e6277fd7\u003c/code\u003e\u003c/a\u003e backport(4.x): Fix imuln/muln with zero (backport of \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ac0d4afaae91701815b9edc19789e44e7690d688\"\u003e\u003ccode\u003eac0d4af\u003c/code\u003e\u003c/a\u003e 4.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/a5f14b43ec61bc7cafc6de2e7444913b9f581b00\"\u003e\u003ccode\u003ea5f14b4\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/0cd2661b9d08512263c940662586042ef8aaccc6\"\u003e\u003ccode\u003e0cd2661\u003c/code\u003e\u003c/a\u003e Remove package-lock.json added by npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/84ae31344a557abb78ddabe3bac923b7503e4fb5\"\u003e\u003ccode\u003e84ae313\u003c/code\u003e\u003c/a\u003e 4.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/967ed0a50a9400bbbd83b450550cf37f7fa178b9\"\u003e\u003ccode\u003e967ed0a\u003c/code\u003e\u003c/a\u003e fix: Buffer not using global in browser (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/260\"\u003e#260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/61962320d7907a1a4d03a665782cb2733160c907\"\u003e\u003ccode\u003e6196232\u003c/code\u003e\u003c/a\u003e Fix LE constructor for HEX (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/265\"\u003e#265\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.11.9...v4.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.9.1 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.9.1...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jgonggrijp\"\u003ejgonggrijp\u003c/a\u003e, a new releaser for underscore since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 3.3.2 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v3.3.2...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 0.21.1 to 0.31.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.31.1\u003c/h2\u003e\n\u003cp\u003eThis release backports a broad set of security hardenings from the v1 line — covering prototype-pollution defences, stream size enforcement, XSRF handling, URL null-byte encoding, and bounded FormData recursion — and drops committed \u003ccode\u003edist/\u003c/code\u003e artefacts along with Bower support.\u003c/p\u003e\n\u003ch2\u003e⚠️ Breaking Changes \u0026amp; Deprecations\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBower \u0026amp; Committed \u003ccode\u003edist/\u003c/code\u003e Removed:\u003c/strong\u003e \u003ccode\u003edist/\u003c/code\u003e bundles are no longer committed to the repo, and \u003ccode\u003ebower.json\u003c/code\u003e plus the Grunt \u003ccode\u003epackage2bower\u003c/code\u003e task have been removed. CI still builds bundles before publish, so npm/yarn/pnpm consumers are unaffected; installs via Bower or directly from the git tree must migrate to npm or a CDN. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10747\"\u003e#10747\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Header Merge (GHSA-6chq-wfr3-2hj9):\u003c/strong\u003e Tightened \u003ccode\u003eisFormData\u003c/code\u003e to reject plain/null-prototype objects and require \u003ccode\u003eappend\u003c/code\u003e, and guarded the Node HTTP adapter so \u003ccode\u003edata.getHeaders()\u003c/code\u003e is only merged when it is not inherited from \u003ccode\u003eObject.prototype\u003c/code\u003e. Blocks injected headers via polluted \u003ccode\u003egetHeaders\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10750\"\u003e#10750\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution in Config Merging (GHSA-pf86-5x62-jrwf):\u003c/strong\u003e \u003ccode\u003emergeConfig\u003c/code\u003e, defaults resolution, and the HTTP adapter now uses own-property checks for \u003ccode\u003etransport\u003c/code\u003e, \u003ccode\u003eenv\u003c/code\u003e, \u003ccode\u003eBlob\u003c/code\u003e, \u003ccode\u003eformSerializer\u003c/code\u003e, and transforms arrays, and merged configs are returned as null-prototype objects. Prevents hijacking of the request flow through polluted prototypes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10752\"\u003e#10752\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFormData / Params Recursion DoS:\u003c/strong\u003e Added a configurable \u003ccode\u003emaxDepth\u003c/code\u003e (default \u003ccode\u003e100\u003c/code\u003e, \u003ccode\u003eInfinity\u003c/code\u003e disables) to \u003ccode\u003etoFormData\u003c/code\u003e and params serialisation, throwing \u003ccode\u003eAxiosError\u003c/code\u003e with code \u003ccode\u003eERR_FORM_DATA_DEPTH_EXCEEDED\u003c/code\u003e when exceeded. Circular-reference detection is preserved. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10728\"\u003e#10728\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eNull-Byte Injection in Query Strings:\u003c/strong\u003e Removed the unsafe \u003ccode\u003e%00\u003c/code\u003e → null-byte substitution from \u003ccode\u003eAxiosURLSearchParams.encode\u003c/code\u003e so \u003ccode\u003e%00\u003c/code\u003e is preserved as-is. Other encoding behaviour (including \u003ccode\u003e%20\u003c/code\u003e → \u003ccode\u003e+\u003c/code\u003e) unchanged. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10737\"\u003e#10737\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eConsolidated v1 Security Backport:\u003c/strong\u003e Rolls up remaining v1 hardenings into \u003ccode\u003ev0.x\u003c/code\u003e: \u003ccode\u003emaxContentLength\u003c/code\u003e enforcement for \u003ccode\u003eresponseType: 'stream'\u003c/code\u003e via a guarded transform with deferred piping, \u003ccode\u003emaxBodyLength\u003c/code\u003e enforcement for streamed uploads on native \u003ccode\u003ehttp\u003c/code\u003e/\u003ccode\u003ehttps\u003c/code\u003e with \u003ccode\u003emaxRedirects: 0\u003c/code\u003e, and stricter \u003ccode\u003ewithXSRFToken\u003c/code\u003e handling so only own boolean \u003ccode\u003etrue\u003c/code\u003e enables cross-origin XSRF headers. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10764\"\u003e#10764\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCODEOWNERS:\u003c/strong\u003e Added \u003ccode\u003e.github/CODEOWNERS\u003c/code\u003e with \u003ccode\u003e* @jasonsaayman\u003c/code\u003e to set a default reviewer for all paths. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10740\"\u003e#10740\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.31.0...v0.31.1\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.31.0\u003c/h2\u003e\n\u003cp\u003eThis release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and \u003ccode\u003ezizmor\u003c/code\u003e scanning, resolves TypeScript typing issues in \u003ccode\u003eAxiosInstance\u003c/code\u003e, and fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection \u0026amp; Proxy Bypass:\u003c/strong\u003e Backports v1 security hardening — sanitizes outgoing header values to strip invalid bytes, CRLF sequences, and boundary whitespace (including array values); adds proper \u003ccode\u003eNO_PROXY\u003c/code\u003e/\u003ccode\u003eno_proxy\u003c/code\u003e enforcement covering wildcards, explicit ports, loopback aliases (\u003ccode\u003elocalhost\u003c/code\u003e, \u003ccode\u003e127.0.0.1\u003c/code\u003e, \u003ccode\u003e::1\u003c/code\u003e), bracketed IPv6, and trailing-dot hostnames. Proxy bypass is now checked before the proxy URL is parsed, and \u003ccode\u003eparsed.host\u003c/code\u003e is used for correct port and IPv6 handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10688\"\u003e#10688\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCI Security:\u003c/strong\u003e SHA-pins all actions and disables credential persistence in v0.x CI, introduces \u003ccode\u003ezizmor\u003c/code\u003e security scanning with SARIF upload to code scanning, adds an OIDC Trusted Publishing workflow with npm provenance attestations, and gates all publishes behind a required \u003ccode\u003enpm-publish\u003c/code\u003e GitHub Environment with configurable reviewer protections. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10638\"\u003e#10638\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10639\"\u003e#10639\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10667\"\u003e#10667\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eTypeScript — \u003ccode\u003eAxiosInstance\u003c/code\u003e Return Types:\u003c/strong\u003e Fixes return types in \u003ccode\u003eAxiosInstance\u003c/code\u003e methods to correctly resolve to \u003ccode\u003ePromise\u0026lt;R\u0026gt;\u003c/code\u003e (matching \u003ccode\u003eAxiosPromise\u0026lt;T\u0026gt;\u003c/code\u003e semantics), and corrects the generic call signature so TypeScript properly enforces the response data type. TypeScript-only changes; no runtime impact. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6253\"\u003e#6253\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7328\"\u003e#7328\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance:\u003c/strong\u003e Fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e that caused excessive computation when the argument was a large string. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6484\"\u003e#6484\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eVersioning \u0026amp; CI Workflow:\u003c/strong\u003e Adds an automated versioning flow for v0.x, renames the CI workflow for consistency with the v1.x naming convention, and corrects the branch name reference in CI config. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10690\"\u003e#10690\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10691\"\u003e#10691\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10692\"\u003e#10692\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/nakataki17\"\u003e\u003ccode\u003e@​nakataki17\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6253\"\u003e#6253\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/gmasclet\"\u003e\u003ccode\u003e@​gmasclet\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6484\"\u003e#6484\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10638\"\u003e#10638\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10639\"\u003e#10639\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10667\"\u003e#10667\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ivan-churakov\"\u003e\u003ccode\u003e@​ivan-churakov\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7328\"\u003e#7328\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.30.3...v0.31.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/a589dc525af12e0fabef7d6e5be028ad433eee31\"\u003e\u003ccode\u003ea589dc5\u003c/code\u003e\u003c/a\u003e chore: bump version to v0.31.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10766\"\u003e#10766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b0c632f36a5ea2e73c9bdf3a54164a8ede925736\"\u003e\u003ccode\u003eb0c632f\u003c/code\u003e\u003c/a\u003e fix: backport security issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10764\"\u003e#10764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b52187f4571b6b8663fed5904e3082ab30660364\"\u003e\u003ccode\u003eb52187f\u003c/code\u003e\u003c/a\u003e fix: harden config merging (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10752\"\u003e#10752\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e3ddeb40f6a142a234925341151e2ca631a6de64\"\u003e\u003ccode\u003ee3ddeb4\u003c/code\u003e\u003c/a\u003e fix: header security issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10750\"\u003e#10750\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f4f2d76e25cc0f777e5416e2d76282ab873ef9dc\"\u003e\u003ccode\u003ef4f2d76\u003c/code\u003e\u003c/a\u003e chore: stop committing dist/ and remove bower (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10747\"\u003e#10747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1f2f64433e5be205d74471c78c2721909282b9c0\"\u003e\u003ccode\u003e1f2f644\u003c/code\u003e\u003c/a\u003e chore: add CODEOWNERS (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10740\"\u003e#10740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/44bca902e1bdd7dd6490c7b4985b63e729b0e634\"\u003e\u003ccode\u003e44bca90\u003c/code\u003e\u003c/a\u003e fix: improve regex in AxiosURLSearchParams (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10737\"\u003e#10737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4c4f07fabdb005f5430bab797f12b55e2ed5fb33\"\u003e\u003ccode\u003e4c4f07f\u003c/code\u003e\u003c/a\u003e fix: form data recursion (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10728\"\u003e#10728\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5073eca0edd37b13a0e39dcb48794d779b7dff8d\"\u003e\u003ccode\u003e5073eca\u003c/code\u003e\u003c/a\u003e chore: release v0.31.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10697\"\u003e#10697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b57eb1a93214c9d6840035add0cc705fa9d6d697\"\u003e\u003ccode\u003eb57eb1a\u003c/code\u003e\u003c/a\u003e ci: update branch name (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10692\"\u003e#10692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v0.21.1...v0.31.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimist` from 1.2.5 to 1.2.8\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md\"\u003eminimist's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.7...v1.2.8\"\u003ev1.2.8\u003c/a\u003e - 2023-02-09\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/17\"\u003e\u003ccode\u003e[#17](https://github.com/minimistjs/minimist/issues/17)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/12\"\u003e\u003ccode\u003e[#12](https://github.com/minimistjs/minimist/issues/12)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/10\"\u003e\u003ccode\u003e[#10](https://github.com/minimistjs/minimist/issues/10)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/17\"\u003e#17\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/15\"\u003e\u003ccode\u003e[#15](https://github.com/minimistjs/minimist/issues/15)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/12\"\u003e#12\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/8\"\u003e\u003ccode\u003e[#8](https://github.com/minimistjs/minimist/issues/8)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/15\"\u003e\u003ccode\u003e[#15](https://github.com/minimistjs/minimist/issues/15)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/10\"\u003e#10\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/9\"\u003e\u003ccode\u003e[#9](https://github.com/minimistjs/minimist/issues/9)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Fix handling of short option with non-trivial equals \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/5\"\u003e\u003ccode\u003e[#5](https://github.com/minimistjs/minimist/issues/5)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/8\"\u003e\u003ccode\u003e[#8](https://github.com/minimistjs/minimist/issues/8)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/9\"\u003e\u003ccode\u003e[#9](https://github.com/minimistjs/minimist/issues/9)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMerge tag 'v0.2.3' \u003ca href=\"https://github.com/minimistjs/minimist/commit/a0267947c7870fc5847cf2d437fbe33f392767da\"\u003e\u003ccode\u003ea026794\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] fix indentation and whitespace \u003ca href=\"https://github.com/minimistjs/minimist/commit/5368ca4147e974138a54cc0dc4cea8f756546b70\"\u003e\u003ccode\u003e5368ca4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] fix indentation and whitespace \u003ca href=\"https://github.com/minimistjs/minimist/commit/e5f5067259ceeaf0b098d14bec910f87e58708c7\"\u003e\u003ccode\u003ee5f5067\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] more cleanup \u003ca href=\"https://github.com/minimistjs/minimist/commit/62fde7d935f83417fb046741531a9e2346a36976\"\u003e\u003ccode\u003e62fde7d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] more cleanup \u003ca href=\"https://github.com/minimistjs/minimist/commit/36ac5d0d95e4947d074e5737d94814034ca335d1\"\u003e\u003ccode\u003e36ac5d0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/73923d223553fca08b1ba77e3fbc2a492862ae4c\"\u003e\u003ccode\u003e73923d2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[actions] add reusable workflows \u003ca href=\"https://github.com/minimistjs/minimist/commit/d80727df77bfa9e631044d7f16368d8f09242c91\"\u003e\u003ccode\u003ed80727d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] add eslint; rules to enable later are warnings \u003ca href=\"https://github.com/minimistjs/minimist/commit/48bc06a1b41f00e9cdf183db34f7a51ba70e98d4\"\u003e\u003ccode\u003e48bc06a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] fix indentation \u003ca href=\"https://github.com/minimistjs/minimist/commit/34b0f1ccaa45183c3c4f06a91f9b405180a6f982\"\u003e\u003ccode\u003e34b0f1c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[readme] rename and add badges \u003ca href=\"https://github.com/minimistjs/minimist/commit/5df0fe49211bd09a3636f8686a7cb3012c3e98f0\"\u003e\u003ccode\u003e5df0fe4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] switch from \u003ccode\u003ecovert\u003c/code\u003e to \u003ccode\u003enyc\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/a48b128fdb8d427dfb20a15273f83e38d97bef07\"\u003e\u003ccode\u003ea48b128\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ecovert\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e; remove unnecessary \u003ccode\u003etap\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/f0fb958e9a1fe980cdffc436a211b0bda58f621b\"\u003e\u003ccode\u003ef0fb958\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] create FUNDING.yml; add \u003ccode\u003efunding\u003c/code\u003e in package.json \u003ca href=\"https://github.com/minimistjs/minimist/commit/3639e0c819359a366387e425ab6eabf4c78d3caa\"\u003e\u003ccode\u003e3639e0c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] use \u003ccode\u003enpmignore\u003c/code\u003e to autogenerate an npmignore file \u003ca href=\"https://github.com/minimistjs/minimist/commit/be2e038c342d8333b32f0fde67a0026b79c8150e\"\u003e\u003ccode\u003ebe2e038\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/minimistjs/minimist/commit/282b570e7489d01b03f2d6d3dabf79cd3e5f84cf\"\u003e\u003ccode\u003e282b570\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eisConstructorOrProto adapted from PR \u003ca href=\"https://github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11\"\u003e\u003ccode\u003eef9153f\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eaud\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/098873c213cdb7c92e55ae1ef5aa1af3a8192a79\"\u003e\u003ccode\u003e098873c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eaud\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/3124ed3e46306301ebb3c834874ce0241555c2c4\"\u003e\u003ccode\u003e3124ed3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/4b927de696d561c636b4f43bf49d4597cb36d6d6\"\u003e\u003ccode\u003e4b927de\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add \u003ccode\u003eaud\u003c/code\u003e in \u003ccode\u003eposttest\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/b32d9bd0ab340f4e9f8c3a97ff2a4424f25fab8c\"\u003e\u003ccode\u003eb32d9bd\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] update repo URLs \u003ca href=\"https://github.com/minimistjs/minimist/commit/f9fdfc032c54884d9a9996a390c63cd0719bbe1a\"\u003e\u003ccode\u003ef9fdfc0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[actions] Avoid 0.6 tests due to build failures \u003ca href=\"https://github.com/minimistjs/minimist/commit/ba92fe6ebbdc0431cca9a2ea8f27beb492f5e4ec\"\u003e\u003ccode\u003eba92fe6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003etape\u003c/code\u003e \u003ca href=\"https://github.com/minimistjs/minimist/commit/950eaa74f112e04d23e9c606c67472c46739b473\"\u003e\u003ccode\u003e950eaa7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] add missing \u003ccode\u003enpmignore\u003c/code\u003e dev dep \u003ca href=\"https://github.com/minimistjs/minimist/commit/3226afaf09e9d127ca369742437fe6e88f752d6b\"\u003e\u003ccode\u003e3226afa\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMerge tag 'v0.2.2' \u003ca href=\"https://github.com/minimistjs/minimist/commit/980d7ac61a0b4bd552711251ac107d506b23e41f\"\u003e\u003ccode\u003e980d7ac\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.6...v1.2.7\"\u003ev1.2.7\u003c/a\u003e - 2022-10-10\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/6901ee286bc4c16da6830b48b46ce1574703cea1\"\u003e\u003ccode\u003e6901ee2\u003c/code\u003e\u003c/a\u003e v1.2.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/a0267947c7870fc5847cf2d437fbe33f392767da\"\u003e\u003ccode\u003ea026794\u003c/code\u003e\u003c/a\u003e Merge tag 'v0.2.3'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/c0b26618322e94adea26c68e613ef0be482c6c63\"\u003e\u003ccode\u003ec0b2661\u003c/code\u003e\u003c/a\u003e v0.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/63b8fee87b8e7a003216d5d77ba5d6decf3cfb0d\"\u003e\u003ccode\u003e63b8fee\u003c/code\u003e\u003c/a\u003e [Fix] Fix long option followed by single dash (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/17\"\u003e#17\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/72239e6f0ea77d8be0ad4f682b7ae7d142144395\"\u003e\u003ccode\u003e72239e6\u003c/code\u003e\u003c/a\u003e [Tests] Remove duplicate test (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/34b0f1ccaa45183c3c4f06a91f9b405180a6f982\"\u003e\u003ccode\u003e34b0f1c\u003c/code\u003e\u003c/a\u003e [eslint] fix indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/3226afaf09e9d127ca369742437fe6e88f752d6b\"\u003e\u003ccode\u003e3226afa\u003c/code\u003e\u003c/a\u003e [Dev Deps] add missing \u003ccode\u003enpmignore\u003c/code\u003e dev dep\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/098873c213cdb7c92e55ae1ef5aa1af3a8192a79\"\u003e\u003ccode\u003e098873c\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eaud\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/9ec4d279ced72ea2f60237218e71cc03aa0dfdd6\"\u003e\u003ccode\u003e9ec4d27\u003c/code\u003e\u003c/a\u003e [Fix] Fix long option followed by single dash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/minimistjs/minimist/commit/ba92fe6ebbdc0431cca9a2ea8f27beb492f5e4ec\"\u003e\u003ccode\u003eba92fe6\u003c/code\u003e\u003c/a\u003e [actions] Avoid 0.6 tests due to build failures\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.5...v1.2.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for minimist since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decode-uri-component` from 0.2.0 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/releases\"\u003edecode-uri-component's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent overwriting previously decoded tokens  980e0bf\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2\"\u003ehttps://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to GitHub workflows  76abc93\u003c/li\u003e\n\u003cli\u003eFix issue where decode throws - fixes \u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/6\"\u003e#6\u003c/a\u003e  746ca5d\u003c/li\u003e\n\u003cli\u003eUpdate license (\u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/1\"\u003e#1\u003c/a\u003e)  486d7e2\u003c/li\u003e\n\u003cli\u003eTidelift tasks  a650457\u003c/li\u003e\n\u003cli\u003eMeta tweaks  66e1c28\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1\"\u003ehttps://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/a0eea469d26eb0df668b081672cdb9581feb78eb\"\u003e\u003ccode\u003ea0eea46\u003c/code\u003e\u003c/a\u003e 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/980e0bf09b64d94f1aa79012f895816c30ffd152\"\u003e\u003ccode\u003e980e0bf\u003c/code\u003e\u003c/a\u003e Prevent overwriting previously decoded tokens\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/3c8a373dd4837e89b3f970e01295dd03e1405a33\"\u003e\u003ccode\u003e3c8a373\u003c/code\u003e\u003c/a\u003e 0.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/76abc939783fe3900fadb7d384a74d324d5557f3\"\u003e\u003ccode\u003e76abc93\u003c/code\u003e\u003c/a\u003e Switch to GitHub workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/746ca5dcb6667c5d364e782d53c542830e4c10b9\"\u003e\u003ccode\u003e746ca5d\u003c/code\u003e\u003c/a\u003e Fix issue where decode throws - fixes \u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/6\"\u003e#6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/486d7e26d3a8c0fbe860fb651fe1bc98c2f2be30\"\u003e\u003ccode\u003e486d7e2\u003c/code\u003e\u003c/a\u003e Update license (\u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/1\"\u003e#1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/a65045724e6234acef87f31da499d4807b20b134\"\u003e\u003ccode\u003ea650457\u003c/code\u003e\u003c/a\u003e Tidelift tasks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/66e1c2834c0e189201cb65196ec3101372459b02\"\u003e\u003ccode\u003e66e1c28\u003c/code\u003e\u003c/a\u003e Meta tweaks\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tmp` from 0.0.33 to 0.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md\"\u003etmp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2 (2024-02-28)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/278\"\u003e#278\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/268\"\u003e#268\u003c/a\u003e: Revert \u0026quot;fix \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/246\"\u003e#246\u003c/a\u003e: remove any double quotes or single quotes… (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/279\"\u003e#279\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/266\"\u003e#266\u003c/a\u003e: move paragraph on graceful cleanup to the head of the documentation (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 5\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDave Nicolson (\u003ca href=\"https://github.com/dnicolson\"\u003e\u003ccode\u003e@​dnicolson\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKARASZI István (\u003ca href=\"https://github.com/raszi\"\u003e\u003ccode\u003e@​raszi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMaxime Bargiel (\u003ca href=\"https://github.com/mbargiel\"\u003e\u003ccode\u003e@​mbargiel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/robertoaceves\"\u003e\u003ccode\u003e@​robertoaceves\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.2.1 (2020-04-28)\u003c/h2\u003e\n\u003ch4\u003e:rocket: Enhancement\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/252\"\u003e#252\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/250\"\u003e#250\u003c/a\u003e: introduce tmpdir option for overriding the system tmp dir (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/253\"\u003e#253\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/191\"\u003e#191\u003c/a\u003e: generate changelog from pull requests using lerna-changelog (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eCarsten Klein (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.2.0 (2020-04-25)\u003c/h2\u003e\n\u003ch4\u003e:rocket: Enhancement\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/234\"\u003e#234\u003c/a\u003e feat: stabilize tmp for v0.2.0 release (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/231\"\u003e#231\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/230\"\u003e#230\u003c/a\u003e: regression after fix for \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/197\"\u003e#197\u003c/a\u003e (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/220\"\u003e#220\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/197\"\u003e#197\u003c/a\u003e: return sync callback when using the sync interface, otherwise return the async callback (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/193\"\u003e#193\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/192\"\u003e#192\u003c/a\u003e: tmp must not exit the process on its own (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/221\"\u003e#221\u003c/a\u003e Gh 206 document name option (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/226\"\u003e#226\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/212\"\u003e#212\u003c/a\u003e: enable direct name option test (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/225\"\u003e#225\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/211\"\u003e#211\u003c/a\u003e: existing tests must clean up after themselves (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/224\"\u003e#224\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/217\"\u003e#217\u003c/a\u003e: name tests must use tmpName (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/223\"\u003e#223\u003c/a\u003e Closes \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/214\"\u003e#214\u003c/a\u003e: refactor tests and lib (\u003ca href=\"https://github.com/silkentrance\"\u003e\u003ccode\u003e@​silkentrance\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/raszi/node-tmp/pull/198\"\u003e#198\u003c/a\u003e Update dependencies to latest versions (\u003ca href=\"https://github.com/matsev\"\u003e\u003ccode\u003e@​matsev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/3d2fe387f3f91b13830b9182faa02c3231ea8258\"\u003e\u003ccode\u003e3d2fe38\u003c/code\u003e\u003c/a\u003e Bump up the version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/e16282879e5d0554fe824e1ab3df724847e91183\"\u003e\u003ccode\u003ee162828\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/raszi/node-tmp/issues/309\"\u003e#309\u003c/a\u003e from fflorent/fix-tmp-dir-with-dir\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b847d2f1a42b625c26149f4a2029ed00a1edf90b\"\u003e\u003ccode\u003eb847d2f\u003c/code\u003e\u003c/a\u003e Fix use of tmp.dir() with \u003ccode\u003edir\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/08fa3abac32b621506512724b28b56b9c4a95846\"\u003e\u003ccode\u003e08fa3ab\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/1cf4ec54180a77a2a95dc1941efa1659774c8787\"\u003e\u003ccode\u003e1cf4ec5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b\"\u003e\u003ccode\u003e188b25e\u003c/code\u003e\u003c/a\u003e Fix GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/73b9fe45bbb40157acdfab8126dd0911de91c8fa\"\u003e\u003ccode\u003e73b9fe4\u003c/code\u003e\u003c/a\u003e Add test case for GHSA-52f5-9888-hmc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/b8e2f29a7575352e49e4882a836aab4bd2ec927f\"\u003e\u003ccode\u003eb8e2f29\u003c/code\u003e\u003c/a\u003e Remove broken tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/2892a027b4d2d3a25d1d08a398bc108a0200857f\"\u003e\u003ccode\u003e2892a02\u003c/code\u003e\u003c/a\u003e Remove outdated URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/raszi/node-tmp/commit/f5923182461a89e9de5a7a09c75f410a76979ae7\"\u003e\u003ccode\u003ef592318\u003c/code\u003e\u003c/a\u003e Reformat package.json\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/raszi/node-tmp/compare/v0.0.33...v0.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.13.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/37caaad57dc37d350d9a4577a5da53f482bb2983\"\u003e\u003ccode\u003e37caaad\u003c/code\u003e\u003c/a\u003e 3.14.1 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/094c0f7a79e6ff9e2b4d50b22686d2586894b58f\"\u003e\u003ccode\u003e094c0f7\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9586ebe23298427d26b3479979bd6499bf3a14c2\"\u003e\u003ccode\u003e9586ebe\u003c/code\u003e\u003c/a\u003e Avoid calling hasOwnProperty of user-controlled objects\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/34e5072f43fd36b08aaaad433da73c10d47c41e5\"\u003e\u003ccode\u003e34e5072\u003c/code\u003e\u003c/a\u003e 3.14.0 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/7b25c83a6dc77097c2bf14bf714e168f60ee199b\"\u003e\u003ccode\u003e7b25c83\u003c/code\u003e\u003c/a\u003e Browser files rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/6f7347396867b8dcfc042722c2aae810dfe4caae\"\u003e\u003ccode\u003e6f73473\u003c/code\u003e\u003c/a\u003e Dev deps bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/0c293491d903cddcd41b41c165bc45eeb9a8d720\"\u003e\u003ccode\u003e0c29349\u003c/code\u003e\u003c/a\u003e Travis-CI: drop old nodejs versions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.13.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `json-schema` from 0.2.3 to 0.4.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa\"\u003e\u003ccode\u003ef6f6a3b\u003c/code\u003e\u003c/a\u003e Use a little more robust method of checking instances\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/ef60987a9a14b9d9c739384460044ba53cd9b9a2\"\u003e\u003ccode\u003eef60987\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a\"\u003e\u003ccode\u003eb62f1da\u003c/code\u003e\u003c/a\u003e Protect against constructor modification, \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/84\"\u003e#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/fb427cd4d175684786e4b2538718e72453e825e9\"\u003e\u003ccode\u003efb427cd\u003c/code\u003e\u003c/a\u003e Link to json-schema-org repository in addition to site, fixes \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/54\"\u003e#54\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741\"\u003e\u003ccode\u003e22f1461\u003c/code\u003e\u003c/a\u003e Don't allow \u003cstrong\u003eproto\u003c/strong\u003e property to be used for schema default/coerce, fixes \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/84\"\u003e#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/c52a27c653428149e4f9fb776d5e110d04639a9c\"\u003e\u003ccode\u003ec52a27c\u003c/code\u003e\u003c/a\u003e Get basic test to pass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/b3f42b3331608fe83b6cc267c5fc513ec1b839ed\"\u003e\u003ccode\u003eb3f42b3\u003c/code\u003e\u003c/a\u003e Add security policy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/3b0cec3042a5aac5c967fd43475f5edc4c5b6eff\"\u003e\u003ccode\u003e3b0cec3\u003c/code\u003e\u003c/a\u003e Update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/c28470f2d64bace29c73d140f9c6876e3c3a9fef\"\u003e\u003ccode\u003ec28470f\u003c/code\u003e\u003c/a\u003e Update readme to acknowledge the state of the package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kriszyp/json-schema/commit/7dff9cd2c35c31ff3c43fa4e38737c94283dd3d3\"\u003e\u003ccode\u003e7dff9cd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/kriszyp/json-schema/issues/81\"\u003e#81\u003c/a\u003e from hodovani/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kriszyp/json-schema/compare/v0.2.3...v0.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimist` from 1.2.5 to 1.2.8\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md\"\u003eminimist's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/minimistjs/minimist/compare/v1.2.7...v1.2.8\"\u003ev1.2.8\u003c/a\u003e - 2023-02-09\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/17\"\u003e\u003ccode\u003e[#17](https://github.com/minimistjs/minimist/issues/17)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/12\"\u003e\u003ccode\u003e[#12](https://github.com/minimistjs/minimist/issues/12)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases \u003ca href=\"https://redirect.github.com/minimistjs/minimist/pull/10\"\u003e\u003ccode\u003e[#10](https://github.com/minimistjs/minimist/issues/10)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/17\"\u003e#17\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/15\"\u003e\u003ccode\u003e[#15](https://github.com/minimistjs/minimist/issues/15)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] Remove duplicate test (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/12\"\u003e#12\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/8\"\u003e\u003ccode\u003e[#8](https://github.com/minimistjs/minimist/issues/8)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Fix long option followed by single dash \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/15\"\u003e\u003ccode\u003e[#15](https://github.com/minimistjs/minimist/issues/15)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] opt.string works with multiple aliases (\u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/10\"\u003e#10\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/minimistjs/minimist/issues/9\"\u003e\u003ccode\u003e[#9](https://github.com/minimistjs/minimist/issues/9)\u003c/c...\n\n_Description has been truncated_\n\u003c!-- devin-review-badge-begin --\u003e\n\n---\n\n\u003ca href=\"https://app.devin.ai/review/cyptopimpinainteazy/dextoolsweb3.js/pull/6\" target=\"_blank\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1\"\u003e\n    \u003cimg src=\"https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1\" alt=\"Open in Devin Review\"\u003e\n  \u003c/picture\u003e\n\u003c/a\u003e\n\u003c!-- devin-review-badge-end --\u003e\n\n\u003c!-- RECURSEML_SUMMARY:START --\u003e\n## High-level PR Summary\nThis PR updates multiple npm dependencies across 18 directories in a monorepo structure to address security vulnerabilities and compatibility issues. The updates include critical security patches for packages like `axios` (0.21.1 → 0.31.1), `uuid` (3.3.2 → 14.0.0), `underscore` (1.9.1 → 1.13.8), `minimist` (1.2.5 → 1.2.8), and several other dependencies with known vulnerabilities. Additionally, it bumps development dependencies like `karma`, `lerna`, and `mocha` to more recent versions. The changes are primarily version bumps in `package.json` files and their corresponding lock files, with no code modifications.\n\n⏱️ Estimated Review Time: 30-90 minutes\n\n\u003cdetails\u003e\n\u003csummary\u003e💡 Review Order Suggestion\u003c/summary\u003e\n\n| Order | File Path |\n|-------|-----------|\n| 1 | `package.json` |\n| 2 | `package-lock.json` |\n| 3 | `packages/web3/package-lock.json` |\n| 4 | `packages/web3-bzz/package.json` |\n| 5 | `packages/web3-bzz/package-lock.json` |\n| 6 | `packages/web3-core-helpers/package.json` |\n| 7 | `packages/web3-core-helpers/package-lock.json` |\n| 8 | `packages/web3-core-method/package.json` |\n| 9 | `packages/web3-core-method/package-lock.json` |\n| 10 | `packages/web3-core-requestmanager/package-lock.json` |\n| 11 | `packages/web3-core-requestmanager/package.json` |\n| 12 | `packages/web3-core-subscriptions/package.json` |\n| 13 | `packages/web3-core-subscriptions/package-lock.json` |\n| 14 | `packages/web3-core/package.json` |\n| 15 | `packages/web3-core/package-lock.json` |\n| 16 | `packages/web3-eth-abi/package.json` |\n| 17 | `packages/web3-eth-abi/package-lock.json` |\n| 18 | `packages/web3-eth-accounts/package.json` |\n| 19 | `packages/web3-eth-accounts/package-lock.json` |\n| 20 | `packages/web3-eth-contract/package.json` |\n| 21 | `packages/web3-eth-contract/package-lock.json` |\n| 22 | `packages/web3-eth-ens/package.json` |\n| 23 | `packages/web3-eth-ens/package-lock.json` |\n| 24 | `packages/web3-eth-iban/package.json` |\n| 25 | `packages/web3-eth-iban/package-lock.json` |\n| 26 | `packages/web3-eth-personal/package-lock.json` |\n| 27 | `packages/web3-eth/package.json` |\n| 28 | `packages/web3-eth/package-lock.json` |\n| 29 | `packages/web3-eth2-beaconchain/package-lock.json` |\n| 30 | `packages/web3-eth2-core/package.json` |\n| 31 | `packages/web3-eth2-core/package-lock.json` |\n| 32 | `packages/web3-net/package.json` |\n| 33 | `packages/web3-net/package-lock.json` |\n| 34 | `packages/web3-providers-http/package.json` |\n| 35 | `packages/web3-providers-http/package-lock.json` |\n| 36 | `packages/web3-providers-ipc/package.json` |\n| 37 | `packages/web3-providers-ipc/package-lock.json` |\n| 38 | `packages/web3-providers-ws/package.json` |\n| 39 | `packages/web3-providers-ws/package-lock.json` |\n| 40 | `packages/web3-shh/package-lock.json` |\n| 41 | `packages/web3-utils/package.json` |\n| 42 | `packages/web3-utils/package-lock.json` |\n\u003c/details\u003e\n\n\n\n[![Need help? Join our Discord](https://img.shields.io/badge/Need%20help%3F%20Join%20our%20Discord-5865F2?style=plastic\u0026logo=discord\u0026logoColor=white)](https://discord.gg/n3SsVDAW6U)\n\n\u003c!-- RECURSEML_SUMMARY:END --\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpdate security-sensitive dependencies across the monorepo and align internal `web3-*` packages, reducing vulnerabilities and modernizing the stack. Notable upgrades include `uuid@14` (Node 20+), `axios@0.31.1`, and `underscore@1.13.8`.\n\n- **Dependencies**\n  - Bumped `uuid` to `14.0.0` in `web3-eth-accounts` (requires Node 20+, expects global `crypto`).\n  - Upgraded `axios` to `0.31.1` with multiple security hardenings (header sanitization, prototype pollution guards, stream limits, XSRF handling).\n  - Updated core libs: `underscore@1.13.8`, `bn.js@4.12.3`, `minimist@1.2.8`, `js-yaml@3.14.2`, `json-schema@0.4.0`, and related transitive packages.\n  - Aligned internal deps where needed: `web3-core*` and `web3-utils` to `1.10.x`.\n\n- **Migration**\n  - Ensure Node 20+ in runtime/CI if using `web3-eth-accounts` (via `uuid@14`). If not possible, pin `uuid` below `14`.\n  - If your build pulled `axios` from git/Bower, switch to npm or a CDN bundle (dist no longer committed).\n  - After merging, reinstall dependencies to refresh lockfiles.\n\n\u003csup\u003eWritten for commit a8502dcb1de3f6d24ddf1f1814402d89bf5611bd. Summary will update on new commits. \u003ca href=\"https://cubic.dev/pr/Cyptopimpinainteazy/DEXTOOLSweb3.js/pull/6?utm_source=github\"\u003eReview in cubic\u003c/a\u003e\u003c/sup\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/Cyptopimpinainteazy/DEXTOOLSweb3.js/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyptopimpinainteazy%2FDEXTOOLSweb3.js/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"}},{"old_version":"1.13.7","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-23T12:52:29.000Z","version_change":"1.13.7 → 1.13.8","issue":{"uuid":"4508192982","node_id":"PR_kwDOQXnBqc7enux5","number":16,"state":"closed","title":"chore(deps): Bump the npm_and_yarn group across 1 directory with 7 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-31T14:21:46.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-23T12:52:29.000Z","updated_at":"2026-05-31T14:21:47.000Z","time_to_close":696557,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"npm_and_yarn","update_count":7,"packages":[{"name":"multer","old_version":"2.0.2","new_version":"2.1.1","repository_url":"https://github.com/expressjs/multer"},{"name":"@xmldom/xmldom","old_version":"0.8.11","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"qs","old_version":"6.14.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [multer](https://github.com/expressjs/multer) | `2.0.2` | `2.1.1` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.11` | `0.8.13` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [qs](https://github.com/ljharb/qs) | `6.14.2` | `6.15.2` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n\n\nUpdates `multer` from 2.0.2 to 2.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/releases\"\u003emulter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.1\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add node version to 25.x in CI by \u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1377\"\u003eexpressjs/multer#1377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1376\"\u003eexpressjs/multer#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1375\"\u003eexpressjs/multer#1375\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1374\"\u003eexpressjs/multer#1374\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix error/abort handling by \u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1373\"\u003eexpressjs/multer#1373\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e2.1.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1380\"\u003eexpressjs/multer#1380\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\"\u003ehttps://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.1.0\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add funding to package.json by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1346\"\u003eexpressjs/multer#1346\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop mkdirp dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop object-assign dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1351\"\u003eexpressjs/multer#1351\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop xtend dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1352\"\u003eexpressjs/multer#1352\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(gitignore): ignore .nyc_output directory by \u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-vi.md regarding file upload by \u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-pt-br.md for array method by \u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eheaders-support-utf8 by \u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Turkish translation (README-tr.md) by \u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 2.1.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1371\"\u003eexpressjs/multer#1371\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\"\u003ehttps://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/blob/main/CHANGELOG.md\"\u003emulter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix error/abort handling\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003edefParamCharset\u003c/code\u003e option for UTF-8 filename support (\u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/368c8a10cca11854cf17c24029fefd1eafb1c059\"\u003e\u003ccode\u003e368c8a1\u003c/code\u003e\u003c/a\u003e 2.1.1 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1380\"\u003e#1380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752\"\u003e\u003ccode\u003e7e66481\u003c/code\u003e\u003c/a\u003e 🐛 fix recursion issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/643571ef85e9db94b87a777773f4d67156f82a3e\"\u003e\u003ccode\u003e643571e\u003c/code\u003e\u003c/a\u003e ✅ add explicit test for client able to send body without abrupt disconnect\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/e86fa523753f8d54ad0687bf52fb20044b6fa309\"\u003e\u003ccode\u003ee86fa52\u003c/code\u003e\u003c/a\u003e fix error/abort handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/ca37779bf1f531a70af9977805380d0f51d293e2\"\u003e\u003ccode\u003eca37779\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1374\"\u003e#1374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/13088f41e3bf8c3fc21d8c2867ffafb42470ed09\"\u003e\u003ccode\u003e13088f4\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1375\"\u003e#1375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/bc6a1d1374f7ddc9baf9d22bf7c30f831c621e3a\"\u003e\u003ccode\u003ebc6a1d1\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1376\"\u003e#1376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/c496e931263a901ccfc0821ac21768ac23786f77\"\u003e\u003ccode\u003ec496e93\u003c/code\u003e\u003c/a\u003e chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1377\"\u003e#1377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/fa173d30d01f4e18a8be74570b2770c7230b8b05\"\u003e\u003ccode\u003efa173d3\u003c/code\u003e\u003c/a\u003e chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/17d7f5193a237ebfd4c19274c7a6729538b4a9a0\"\u003e\u003ccode\u003e17d7f51\u003c/code\u003e\u003c/a\u003e chore: add node version to 25.x in CI\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/multer/compare/v2.0.2...v2.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.11 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e@​xmldom/xmldom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e@​xmldom/xmldom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.13.7 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.13.7...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ry-ops/ATSFlow/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ry-ops/ATSFlow/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ry-ops%2FATSFlow/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"}},{"old_version":"1.13.6","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-23T10:19:43.000Z","version_change":"1.13.6 → 1.13.8","issue":{"uuid":"4507760461","node_id":"PR_kwDOM32Evs7emX-q","number":92,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 21 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T10:19:43.000Z","updated_at":"2026-06-07T04:01:35.006Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"axios","old_version":"1.7.5","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"dompurify","old_version":"3.1.6","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"protobufjs","old_version":"7.2.5","new_version":"7.5.8","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"uuid","old_version":"9.0.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"protobufjs-cli","old_version":"1.1.1","new_version":"1.2.1","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.20.11","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"fast-xml-parser","old_version":"4.4.1","new_version":"4.5.6","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.1.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"immutable","old_version":"4.2.3","new_version":"4.3.8","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"protocol-buffers-schema","old_version":"3.6.0","new_version":"3.6.1","repository_url":"https://github.com/mafintosh/protocol-buffers-schema"},{"name":"rollup","old_version":"2.79.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"underscore","old_version":"1.13.6","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"webpack-dev-server","old_version":"4.11.1","new_version":"4.15.2","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the /frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.7.5` | `1.15.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.1.6` | `3.4.0` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.2.5` | `7.5.8` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.0` | `14.0.0` |\n| [protobufjs-cli](https://github.com/protobufjs/protobuf.js) | `1.1.1` | `1.2.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.20.11` | `7.29.4` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.4.1` | `4.5.6` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.1.1` | `3.4.2` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.2.3` | `4.3.8` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [protocol-buffers-schema](https://github.com/mafintosh/protocol-buffers-schema) | `3.6.0` | `3.6.1` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.80.0` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.6` | `1.13.8` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.11.1` | `4.15.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n\n\nUpdates `axios` from 1.7.5 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.5...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.1.6 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution issue when working with custom elements, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a lenient config parsing in \u003ccode\u003e_isValidAttribute\u003c/code\u003e, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumped and removed several dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed the test suite after bumping dependencies, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003eADD_FORBID_CONTENTS\u003c/code\u003e setting to extend default list, thanks \u003ca href=\"https://github.com/MariusRumpf\"\u003e\u003ccode\u003e@​MariusRumpf\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated the ESM import syntax to be more correct, thanks \u003ca href=\"https://github.com/binhpv\"\u003e\u003ccode\u003e@​binhpv\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the SVG \u003ccode\u003emask-type\u003c/code\u003e attribute to default allow-list, thanks \u003ca href=\"https://github.com/prasadrajandran\"\u003e\u003ccode\u003e@​prasadrajandran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded support for \u003ccode\u003eADD_ATTR\u003c/code\u003e and \u003ccode\u003eADD_TAGS\u003c/code\u003e to accept functions, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with the \u003ccode\u003eslot\u003c/code\u003e element being in both SVG and HTML allow-list, thanks \u003ca href=\"https://github.com/Wim-Valgaeren\"\u003e\u003ccode\u003e@​Wim-Valgaeren\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.2.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded new attributes and elements to default allow-list, thanks \u003ca href=\"https://github.com/elrion018\"\u003e\u003ccode\u003e@​elrion018\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003etagName\u003c/code\u003e parameter to custom element \u003ccode\u003eattributeNameCheck\u003c/code\u003e, thanks \u003ca href=\"https://github.com/nelstrom\"\u003e\u003ccode\u003e@​nelstrom\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded better check for animated \u003ccode\u003ehref\u003c/code\u003e attributes, thanks \u003ca href=\"https://github.com/llamakko\"\u003e\u003ccode\u003e@​llamakko\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated and improved the bundled types, thanks \u003ca href=\"https://github.com/ssi02014\"\u003e\u003ccode\u003e@​ssi02014\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated several tests to better align with new browser encoding behaviors\u003c/li\u003e\n\u003cli\u003eImproved the handling of potentially risky content inside CDATA elements, thanks \u003ca href=\"https://github.com/securityMB\"\u003e\u003ccode\u003e@​securityMB\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/terjanq\"\u003e\u003ccode\u003e@​terjanq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImproved the regular expression for raw-text elements to cover textareas, thanks \u003ca href=\"https://github.com/securityMB\"\u003e\u003ccode\u003e@​securityMB\u003c/code\u003e\u003c/a\u003e \u0026amp; \u003ca href=\"https://github.com/terjanq\"\u003e\u003ccode\u003e@​terjanq\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.2.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.1.6...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.2.5 to 7.5.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.8\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8\"\u003e7.5.8\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e54b593f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eprotobufjs: v7.5.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.8/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8\"\u003e7.5.8\u003c/a\u003e (2026-05-12)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e54b593f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/d7035f9b7f06210ea343cab1f2f1cc18ee5cc1d6\"\u003e\u003ccode\u003ed7035f9\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e\u003ccode\u003e54b593f\u003c/code\u003e\u003c/a\u003e fix: Backport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.2.5...protobufjs-v7.5.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 9.0.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v9.0.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs-cli` from 1.1.1 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs-cli's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs-cli: v1.2.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.2.0...protobufjs-cli-v1.2.1\"\u003e1.2.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs-cli: v1.2.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.4...protobufjs-cli-v1.2.0\"\u003e1.2.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a84409b47f9ba0dba56da1af8054fb54f85d85a1\"\u003ea84409b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9c5a178c4b59e0aa65ecac0bd7420171213b2ff9\"\u003e9c5a178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b2c686721e3b63d092419fa1cbe58e1deb89534e\"\u003eb2c6867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/60f3e51087ca2c247473410f39331e1c766aefef\"\u003e60f3e51\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a6563617de04d510d6e8865eb6c5067f10247f64\"\u003ea656361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1af8454538b63d58b822ea9d20b935f2ac9f158c\"\u003e1af8454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a9ffc8a7b593209642fc9d89e884ac6c4e746494\"\u003ea9ffc8a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution for protobuf editions (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/547afa26f76e22e5463a17aec082b0b60cd951d8\"\u003e547afa2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eapi_converters_editions tests added and run successfully\u0026quot; (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b4b5ca468fcde2082d65a72b508f18d07d75245c\"\u003eb4b5ca4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eincrease size of file that protobufjs CLI can process (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/00d5f1aca4d7959068f52fd11767c21b483e75bb\"\u003e00d5f1a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eincrease size of file that protobufjs CLI can process (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/d36ef0faeae9a9ec655747cb650571bdd9b1243b\"\u003ed36ef0f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs-cli: v1.1.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.3...protobufjs-cli-v1.1.4\"\u003e1.1.4\u003c/a\u003e (2024-08-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einclude (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/28e333415d3c85687810e164125997d17baba0bd\"\u003e28e3334\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs-cli: v1.1.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.2...protobufjs-cli-v1.1.3\"\u003e1.1.3\u003c/a\u003e (2024-08-16)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ehandle nullability for optional fields (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/59569c12c85c1c7b783ace9a71775b1d05a08e9c\"\u003e59569c1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs-cli: v1.1.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.1...protobufjs-cli-v1.1.2\"\u003e1.1.2\u003c/a\u003e (2023-08-21)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epossible infinite loop when parsing option (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/1923\"\u003e#1923\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f2a86201799af5842e1339c22950abbb3db00f51\"\u003ef2a8620\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482\"\u003e\u003ccode\u003e086b19d\u003c/code\u003e\u003c/a\u003e fix: do not allow setting \u003cstrong\u003eproto\u003c/strong\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041\"\u003e\u003ccode\u003e827ff8e\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e\u003ccode\u003e5a3769a\u003c/code\u003e\u003c/a\u003e fix: invalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f42297b29d15c8e0382744a83f5147a1aa978f42\"\u003e\u003ccode\u003ef42297b\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2076\"\u003e#2076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.1...protobufjs-cli-v1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs-cli since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.20.11 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca hre...\n\n_Description has been truncated_","html_url":"https://github.com/Bonniemarie216/streamlit/pull/92","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Bonniemarie216%2Fstreamlit/issues/92","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/92/packages"}},{"old_version":"1.12.1","new_version":"1.13.8","update_type":"minor","path":null,"pr_created_at":"2026-05-22T21:56:29.000Z","version_change":"1.12.1 → 1.13.8","issue":{"uuid":"4505809996","node_id":"PR_kwDOBTb13s7egWqB","number":159,"state":"closed","title":"build(deps): bump the web-npm-security-minor-patch group across 1 directory with 23 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T23:56:14.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T21:56:29.000Z","updated_at":"2026-05-22T23:56:15.000Z","time_to_close":7185,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"web-npm-security-minor-patch","update_count":23,"packages":[{"name":"underscore","old_version":"1.12.1","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"@babel/runtime","old_version":"7.6.0","new_version":"7.29.2","repository_url":"https://github.com/babel/babel"},{"name":"@babel/traverse","old_version":"7.2.3","new_version":"7.29.0","repository_url":"https://github.com/babel/babel"},{"name":"browserify-sign","old_version":"4.0.4","new_version":"4.2.5","repository_url":"https://github.com/crypto-browserify/browserify-sign"},{"name":"cipher-base","old_version":"1.0.4","new_version":"1.0.7","repository_url":"https://github.com/crypto-browserify/cipher-base"},{"name":"decode-uri-component","old_version":"0.2.0","new_version":"0.2.2","repository_url":"https://github.com/SamVerschueren/decode-uri-component"},{"name":"qs","old_version":"6.5.2","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"body-parser","old_version":"1.18.3","new_version":"1.20.5","repository_url":"https://github.com/expressjs/body-parser"},{"name":"handlebars","old_version":"4.5.3","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"immutable","old_version":"5.1.3","new_version":"5.1.5","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"tmp","old_version":"0.0.33","new_version":"0.2.5","repository_url":"https://github.com/raszi/node-tmp"}],"path":null,"ecosystem":"npm"},"body":"Bumps the web-npm-security-minor-patch group with 11 updates in the /web directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [underscore](https://github.com/jashkenas/underscore) | `1.12.1` | `1.13.8` |\n| [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) | `7.6.0` | `7.29.2` |\n| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.2.3` | `7.29.0` |\n| [browserify-sign](https://github.com/crypto-browserify/browserify-sign) | `4.0.4` | `4.2.5` |\n| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |\n| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.15.2` |\n| [body-parser](https://github.com/expressjs/body-parser) | `1.18.3` | `1.20.5` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.5.3` | `4.7.9` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `5.1.3` | `5.1.5` |\n| [tmp](https://github.com/raszi/node-tmp) | `0.0.33` | `0.2.5` |\n\n\nUpdates `underscore` from 1.12.1 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.12.1...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/runtime` from 7.6.0 to 7.29.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/runtime's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17789\"\u003e#17789\u003c/a\u003e [7.x backport] preset-env include/exclude should accept bugfix plugins (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17813\"\u003e#17813\u003c/a\u003e chore: update eslint peer deps (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 2\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.1 (2026-02-04)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17771\"\u003e#17771\u003c/a\u003e [7.x backport] fix: ensure \u003ccode\u003etargets.esmodules\u003c/code\u003e is validated (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17776\"\u003e#17776\u003c/a\u003e [7.x backport] Fix undefined when 64 indents (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 2\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.0 (2026-01-31)\u003c/h2\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e for your first PR!\u003c/p\u003e\n\u003ch4\u003e:rocket: New Feature\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-types\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17750\"\u003e#17750\u003c/a\u003e [7.x backport] Add attributes import declaration builder (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17663\"\u003e#17663\u003c/a\u003e [7.x backport] feat(standalone): export async transform (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17725\"\u003e#17725\u003c/a\u003e [7.x backport] feat: read standalone targets from data-targets (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17765\"\u003e#17765\u003c/a\u003e fix(parser): correctly parse type assertions in \u003ccode\u003eextends\u003c/code\u003e clause (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17723\"\u003e#17723\u003c/a\u003e [7.x backport] fix(parser): improve super type argument parsing (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17708\"\u003e#17708\u003c/a\u003e fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (\u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-block-scoping\u003c/code\u003e, \u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17737\"\u003e#17737\u003c/a\u003e [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (\u003ca href=\"https://github.com/magic-akari\"\u003e\u003ccode\u003e@​magic-akari\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/37d5595fca9f188f0534458180611f2e776acd31\"\u003e\u003ccode\u003e37d5595\u003c/code\u003e\u003c/a\u003e v7.29.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/d7f400889567ae18ef9ac41b024b5120f6060e17\"\u003e\u003ccode\u003ed7f4008\u003c/code\u003e\u003c/a\u003e v7.28.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/35055e392079a65830b7bf5b1d1c1fc4de90a78f\"\u003e\u003ccode\u003e35055e3\u003c/code\u003e\u003c/a\u003e v7.28.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/ef155f5ca83c73dbc1ea8d95216830b7dc3b0ac2\"\u003e\u003ccode\u003eef155f5\u003c/code\u003e\u003c/a\u003e v7.28.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cac0ff4c3426eed30b4d27e7971b348da7c9f1e6\"\u003e\u003ccode\u003ecac0ff4\u003c/code\u003e\u003c/a\u003e v7.28.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/f68ac511f091f6d1f698e8ce59cd668d3bfc6102\"\u003e\u003ccode\u003ef68ac51\u003c/code\u003e\u003c/a\u003e chore: Avoid CITGM errors (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/17382\"\u003e#17382\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/baa4cb8b9f8a551d7dae9042b19ea2f74df6b110\"\u003e\u003ccode\u003ebaa4cb8\u003c/code\u003e\u003c/a\u003e v7.27.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/7d069309fdfcedda2928a043f6f7c98135c1242a\"\u003e\u003ccode\u003e7d06930\u003c/code\u003e\u003c/a\u003e v7.27.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/5b9468d9bf1ab4f427241673e9f03593da115a69\"\u003e\u003ccode\u003e5b9468d\u003c/code\u003e\u003c/a\u003e Reduce \u003ccode\u003eregenerator\u003c/code\u003e size more (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-runtime/issues/17287\"\u003e#17287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cb78b5b50e327e27467086cf8bbe196bda7cea9b\"\u003e\u003ccode\u003ecb78b5b\u003c/code\u003e\u003c/a\u003e [babel 8] Do not replace global \u003ccode\u003eregeneratorRuntime\u003c/code\u003e references in regenerato...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.2/packages/babel-runtime\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/runtime\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/traverse` from 7.2.3 to 7.29.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/traverse's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.0 (2026-01-31)\u003c/h2\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e for your first PR!\u003c/p\u003e\n\u003ch4\u003e:rocket: New Feature\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-types\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17750\"\u003e#17750\u003c/a\u003e [7.x backport] Add attributes import declaration builder (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17663\"\u003e#17663\u003c/a\u003e [7.x backport] feat(standalone): export async transform (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17725\"\u003e#17725\u003c/a\u003e [7.x backport] feat: read standalone targets from data-targets (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17765\"\u003e#17765\u003c/a\u003e fix(parser): correctly parse type assertions in \u003ccode\u003eextends\u003c/code\u003e clause (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17723\"\u003e#17723\u003c/a\u003e [7.x backport] fix(parser): improve super type argument parsing (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17708\"\u003e#17708\u003c/a\u003e fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (\u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-block-scoping\u003c/code\u003e, \u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17737\"\u003e#17737\u003c/a\u003e [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (\u003ca href=\"https://github.com/magic-akari\"\u003e\u003ccode\u003e@​magic-akari\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17642\"\u003e#17642\u003c/a\u003e [Babel 7] Improve generator performance (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eDavid (\u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/magic-akari\"\u003e\u003ccode\u003e@​magic-akari\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.28.6 (2026-01-12)\u003c/h2\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/kadhirash\"\u003e\u003ccode\u003e@​kadhirash\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/kolvian\"\u003e\u003ccode\u003e@​kolvian\u003c/code\u003e\u003c/a\u003e for your first PRs!\u003c/p\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-cli\u003c/code\u003e, \u003ccode\u003ebabel-code-frame\u003c/code\u003e, \u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-helper-check-duplicate-nodes\u003c/code\u003e, \u003ccode\u003ebabel-helper-fixtures\u003c/code\u003e, \u003ccode\u003ebabel-helper-plugin-utils\u003c/code\u003e, \u003ccode\u003ebabel-node\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-flow-comments\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-modules-commonjs\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-property-mutators\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-traverse\u003c/code\u003e, \u003ccode\u003ebabel-types\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17589\"\u003e#17589\u003c/a\u003e Improve Unicode handling in code-frame tokenizer (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-regenerator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17556\"\u003e#17556\u003c/a\u003e fix: \u003ccode\u003etransform-regenerator\u003c/code\u003e correctly handles scope (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-react-jsx\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17538\"\u003e#17538\u003c/a\u003e fix: Keep jsx comments (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17606\"\u003e#17606\u003c/a\u003e Polish(standalone): improve message on invalid preset/plugin (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-bugfix-v8-static-class-fields-redefine-readonly\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-attributes-to-assertions\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-async-do-expressions\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-decorators\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-destructuring-private\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-do-expressions\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-explicit-resource-management\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-export-default-from\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-flow\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-function-bind\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-function-sent\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-import-assertions\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-import-attributes\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-import-defer\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-import-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-jsx\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-module-blocks\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-optional-chaining-assign\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-partial-application\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-pipeline-operator\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-throw-expressions\u003c/code\u003e, \u003ccode\u003ebabel-plugin-syntax-typescript\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-to-generator\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-class-properties\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-class-static-block\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-dotall-regex\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-duplicate-named-capturing-groups-regex\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-explicit-resource-management\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-exponentiation-operator\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-strings\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-logical-assignment-operators\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-nullish-coalescing-operator\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-numeric-separator\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-object-rest-spread\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-optional-catch-binding\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-optional-chaining\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-private-methods\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-private-property-in-object\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-regexp-modifiers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-unicode-property-regex\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-unicode-sets-regex\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17580\"\u003e#17580\u003c/a\u003e Allow Babel 8 in compatible Babel 7 plugins (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/84366a8ea453814e732784db74cf2e2b6635eb6f\"\u003e\u003ccode\u003e84366a8\u003c/code\u003e\u003c/a\u003e fix(traverse): provide a hub when traversing a File or Program and no parentP...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/229eb452c5d5d2be0dc138ec2956aff7ff1057d7\"\u003e\u003ccode\u003e229eb45\u003c/code\u003e\u003c/a\u003e [7.x backport] fix: Rename switch discriminant references when body creates s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/d7f400889567ae18ef9ac41b024b5120f6060e17\"\u003e\u003ccode\u003ed7f4008\u003c/code\u003e\u003c/a\u003e v7.28.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/905bc22b2fff23673eabe467815c67b29bf8bba2\"\u003e\u003ccode\u003e905bc22\u003c/code\u003e\u003c/a\u003e fix: lint errors in main branch (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-traverse/issues/17612\"\u003e#17612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a03e2b63ae530674e866b60350b7eb4a5fcb5f59\"\u003e\u003ccode\u003ea03e2b6\u003c/code\u003e\u003c/a\u003e fix: \u003ccode\u003epath.evaluate\u003c/code\u003e correctly returns \u003ccode\u003econfident\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-traverse/issues/17584\"\u003e#17584\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aac2c37e11ad58905f7f9606103074e80bacbbcd\"\u003e\u003ccode\u003eaac2c37\u003c/code\u003e\u003c/a\u003e chore: Use Gulpfile.mts (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-traverse/issues/17579\"\u003e#17579\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/65c4a6b3ee0e1d32801529e841572bb22534e1f3\"\u003e\u003ccode\u003e65c4a6b\u003c/code\u003e\u003c/a\u003e [Babel 8] fix: Improve \u003ccode\u003etraverse\u003c/code\u003e types (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-traverse/issues/17574\"\u003e#17574\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/99dcba5e71de3bd81ce14077cfa5b6df58e9b177\"\u003e\u003ccode\u003e99dcba5\u003c/code\u003e\u003c/a\u003e chore: enable some ts-eslint rules (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-traverse/issues/17592\"\u003e#17592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/c92c4919771105140015167f25f7bacac77c90d9\"\u003e\u003ccode\u003ec92c491\u003c/code\u003e\u003c/a\u003e Improve Unicode handling in code-frame tokenizer (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-traverse/issues/17589\"\u003e#17589\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.0/packages/babel-traverse\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/traverse\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `browserify-sign` from 4.0.4 to 4.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserify/browserify-sign/blob/main/CHANGELOG.md\"\u003ebrowserify-sign's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/compare/v4.2.4...v4.2.5\"\u003ev4.2.5\u003c/a\u003e - 2025-09-24\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] clean up tests and convert console info skips to tape skips \u003ca href=\"https://github.com/browserify/browserify-sign/commit/37b083c602fb6fcd99e0856cba8859dc6f073f3c\"\u003e\u003ccode\u003e37b083c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] restore node 0.10 support \u003ca href=\"https://github.com/browserify/browserify-sign/commit/faade86fe051fc0fb1b59e3694a566116e1e79a7\"\u003e\u003ccode\u003efaade86\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eparse-asn1\u003c/code\u003e \u003ca href=\"https://github.com/browserify/browserify-sign/commit/5a0f159e1d32b5c1088a75dceb301afaf40446f9\"\u003e\u003ccode\u003e5a0f159\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[actions] drop unsupported nodes from CI \u003ca href=\"https://github.com/browserify/browserify-sign/commit/106be97da87f296f187c44b9ee857384153b5068\"\u003e\u003ccode\u003e106be97\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/compare/v4.2.3...v4.2.4\"\u003ev4.2.4\u003c/a\u003e - 2025-09-22\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[actions] split out node 10-20, and 20+ \u003ca href=\"https://github.com/browserify/browserify-sign/commit/17920d944f04efee7ae2212e4339485ba306b723\"\u003e\u003ccode\u003e17920d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] remove \u003ccode\u003efiles\u003c/code\u003e field \u003ca href=\"https://github.com/browserify/browserify-sign/commit/6d5b280e0496201ba022874c864b0046a74eb45e\"\u003e\u003ccode\u003e6d5b280\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003ebn.js\u003c/code\u003e, \u003ccode\u003ebrowserify-rsa\u003c/code\u003e, \u003ccode\u003eelliptic\u003c/code\u003e \u003ca href=\"https://github.com/browserify/browserify-sign/commit/31be0c2459e1aad5158f72576c057603bf8527b6\"\u003e\u003ccode\u003e31be0c2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003esemver\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e \u003ca href=\"https://github.com/browserify/browserify-sign/commit/5f6698211aa1d6dddaba8c245f40f63ae28924a3\"\u003e\u003ccode\u003e5f66982\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] replace \u003ccode\u003eaud\u003c/code\u003e with \u003ccode\u003enpm audit\u003c/code\u003e \u003ca href=\"https://github.com/browserify/browserify-sign/commit/d44b24d8691d699ccc76780b106fe9c1bf0d1558\"\u003e\u003ccode\u003ed44b24d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] add missing peer dep \u003ca href=\"https://github.com/browserify/browserify-sign/commit/ab975f4845ea5c931df037e7f0df60f045335ae7\"\u003e\u003ccode\u003eab975f4\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] revert 9e2bf12, now that v3.1.1 is out \u003ca href=\"https://github.com/browserify/browserify-sign/commit/428cf7f3f0d09f1b39312e5e51620ca684b5c1ac\"\u003e\u003ccode\u003e428cf7f\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/compare/v4.2.2...v4.2.3\"\u003ev4.2.3\u003c/a\u003e - 2024-03-05\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[patch] widen support to 0.12 \u003ca href=\"https://github.com/browserify/browserify-sign/commit/9247adfd261ededfec1c036c9d8f36c4e9f87c0e\"\u003e\u003ccode\u003e9247adf\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[patch] drop minimum node support to v1 \u003ca href=\"https://github.com/browserify/browserify-sign/commit/4d0ee49ae2dc238b877dce9aed7e23fb4cb5088d\"\u003e\u003ccode\u003e4d0ee49\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eaud\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e \u003ca href=\"https://github.com/browserify/browserify-sign/commit/87f3a35a587b377da2c1987af8d41c57b5afe0a5\"\u003e\u003ccode\u003e87f3a35\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[actions] remove redundant finisher \u003ca href=\"https://github.com/browserify/browserify-sign/commit/37a475856843b7d1b2403fdafac0024ba252e579\"\u003e\u003ccode\u003e37a4758\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] pin \u003ccode\u003ehash-base\u003c/code\u003e to ~3.0, due to a breaking change \u003ca href=\"https://github.com/browserify/browserify-sign/commit/9e2bf122b70970cb92f69d53e963f18299f14d66\"\u003e\u003ccode\u003e9e2bf12\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eparse-asn1 [\u003c/code\u003ef427270`](\u003ca href=\"https://github.com/browserify/browserify-sign/commit/f427270ac11dc6be29f87d7afb046c16376a5a9c\"\u003ehttps://github.com/browserify/browserify-sign/commit/f427270ac11dc6be29f87d7afb046c16376a5a9c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eelliptic\u003c/code\u003e \u003ca href=\"https://github.com/browserify/browserify-sign/commit/fb261cea57f92b3d98bc4d8bc6228c43a5de2e91\"\u003e\u003ccode\u003efb261ce\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] pin \u003ccode\u003eelliptic\u003c/code\u003e due to a breaking change \u003ca href=\"https://github.com/browserify/browserify-sign/commit/168e16fcb54886a0281b0c983e1482a097042684\"\u003e\u003ccode\u003e168e16f\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/compare/v4.2.1...v4.2.2\"\u003ev4.2.2\u003c/a\u003e - 2023-10-25\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] log when openssl doesn't support cipher \u003ca href=\"https://redirect.github.com/browserify/browserify-sign/issues/37\"\u003e\u003ccode\u003e[#37](https://github.com/crypto-browserify/browserify-sign/issues/37)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/browserify/browserify-sign/commit/09a89959393b3c89fedd4f7f3bafa4fec44371d7\"\u003e\u003ccode\u003e09a8995\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] switch to eslint \u003ca href=\"https://github.com/browserify/browserify-sign/commit/83fe46374b819e959d56d2c0b931308f7451a664\"\u003e\u003ccode\u003e83fe463\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/browserify/browserify-sign/commit/44181838e7dcc4d5d0c568f74312ea28f0bcdfd5\"\u003e\u003ccode\u003e4418183\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix package.json indentation \u003ca href=\"https://github.com/browserify/browserify-sign/commit/9ac5a5eaaac8a11eb70ec2febd13745c8764ae02\"\u003e\u003ccode\u003e9ac5a5e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] migrate from travis to github actions \u003ca href=\"https://github.com/browserify/browserify-sign/commit/d845d855def38e2085d5a21e447a48300f99fa60\"\u003e\u003ccode\u003ed845d85\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003esign\u003c/code\u003e: throw on unsupported padding scheme \u003ca href=\"https://github.com/browserify/browserify-sign/commit/8767739a4516289568bcce9fed8a3b7e23478de9\"\u003e\u003ccode\u003e8767739\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] properly check the upper bound for DSA signatures \u003ca href=\"https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30\"\u003e\u003ccode\u003e85994cd\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] handle openSSL not supporting a scheme \u003ca href=\"https://github.com/browserify/browserify-sign/commit/f5f17c27f9824de40b5ce8ebd8502111203fd6af\"\u003e\u003ccode\u003ef5f17c2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/d3a7458af692134219fce56a082068f678e12474\"\u003e\u003ccode\u003ed3a7458\u003c/code\u003e\u003c/a\u003e v4.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/37b083c602fb6fcd99e0856cba8859dc6f073f3c\"\u003e\u003ccode\u003e37b083c\u003c/code\u003e\u003c/a\u003e [Tests] clean up tests and convert console info skips to tape skips\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/faade86fe051fc0fb1b59e3694a566116e1e79a7\"\u003e\u003ccode\u003efaade86\u003c/code\u003e\u003c/a\u003e [Fix] restore node 0.10 support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/5a0f159e1d32b5c1088a75dceb301afaf40446f9\"\u003e\u003ccode\u003e5a0f159\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003eparse-asn1\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/106be97da87f296f187c44b9ee857384153b5068\"\u003e\u003ccode\u003e106be97\u003c/code\u003e\u003c/a\u003e [actions] drop unsupported nodes from CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/9c371720efd60af4e08f83df4cd612a6ed135cec\"\u003e\u003ccode\u003e9c37172\u003c/code\u003e\u003c/a\u003e v4.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/6d5b280e0496201ba022874c864b0046a74eb45e\"\u003e\u003ccode\u003e6d5b280\u003c/code\u003e\u003c/a\u003e [meta] remove \u003ccode\u003efiles\u003c/code\u003e field\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/17920d944f04efee7ae2212e4339485ba306b723\"\u003e\u003ccode\u003e17920d9\u003c/code\u003e\u003c/a\u003e [actions] split out node 10-20, and 20+\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/31be0c2459e1aad5158f72576c057603bf8527b6\"\u003e\u003ccode\u003e31be0c2\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003ebn.js\u003c/code\u003e, \u003ccode\u003ebrowserify-rsa\u003c/code\u003e, \u003ccode\u003eelliptic\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/browserify-sign/commit/ab975f4845ea5c931df037e7f0df60f045335ae7\"\u003e\u003ccode\u003eab975f4\u003c/code\u003e\u003c/a\u003e [Dev Deps] add missing peer dep\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crypto-browserify/browserify-sign/compare/v4.0.4...v4.2.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for browserify-sign since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cipher-base` from 1.0.4 to 1.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md\"\u003ecipher-base's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.6...v1.0.7\"\u003ev1.0.7\u003c/a\u003e - 2025-09-24\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.5...v1.0.6\"\u003ev1.0.6\u003c/a\u003e - 2024-11-26\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] io.js 3.0 - Node.js 5.3 typed array support \u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.4...v1.0.5\"\u003ev1.0.5\u003c/a\u003e - 2024-11-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] standard -\u0026gt; eslint, make test dir, etc \u003ca href=\"https://github.com/browserify/cipher-base/commit/ae02fd6624c41ac4ac18077be797111d1955bc76\"\u003e\u003ccode\u003eae02fd6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/browserify/cipher-base/commit/66387d71461287ad9067bb1bcbfdc47403a33ee7\"\u003e\u003ccode\u003e66387d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix package.json indentation \u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] return valid values on multi-byte-wide TypedArray input \u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/browserify/cipher-base/commit/42528f291db16bf2e7d5f831ebe2ad87fd0b1f42\"\u003e\u003ccode\u003e42528f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003einherits\u003c/code\u003e, \u003ccode\u003esafe-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/0e7a2d9a33a391e82fa9cf512d6e25cc91ab8613\"\u003e\u003ccode\u003e0e7a2d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add missing \u003ccode\u003eengines.node\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/f2dc13e47bbcf3c873db9a9e0f83e5f29d0783fe\"\u003e\u003ccode\u003ef2dc13e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/00567180c846dd3db3848c9223991c58a0d5490c\"\u003e\u003ccode\u003e0056718\u003c/code\u003e\u003c/a\u003e v1.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e [Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f5249f94611506ef35a8be4d48a3fc5ecf1fac63\"\u003e\u003ccode\u003ef5249f9\u003c/code\u003e\u003c/a\u003e v1.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e [Fix] io.js 3.0 - Node.js 5.3 typed array support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f03cebfdad1cba1d56614c58affa303b0fa2a43e\"\u003e\u003ccode\u003ef03cebf\u003c/code\u003e\u003c/a\u003e v1.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e [meta] fix package.json indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e [Fix] return valid values on multi-byte-wide TypedArray input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crypto-browserify/cipher-base/compare/v1.0.4...v1.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for cipher-base since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `decode-uri-component` from 0.2.0 to 0.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/releases\"\u003edecode-uri-component's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent overwriting previously decoded tokens  980e0bf\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2\"\u003ehttps://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to GitHub workflows  76abc93\u003c/li\u003e\n\u003cli\u003eFix issue where decode throws - fixes \u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/6\"\u003e#6\u003c/a\u003e  746ca5d\u003c/li\u003e\n\u003cli\u003eUpdate license (\u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/1\"\u003e#1\u003c/a\u003e)  486d7e2\u003c/li\u003e\n\u003cli\u003eTidelift tasks  a650457\u003c/li\u003e\n\u003cli\u003eMeta tweaks  66e1c28\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1\"\u003ehttps://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/a0eea469d26eb0df668b081672cdb9581feb78eb\"\u003e\u003ccode\u003ea0eea46\u003c/code\u003e\u003c/a\u003e 0.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/980e0bf09b64d94f1aa79012f895816c30ffd152\"\u003e\u003ccode\u003e980e0bf\u003c/code\u003e\u003c/a\u003e Prevent overwriting previously decoded tokens\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/3c8a373dd4837e89b3f970e01295dd03e1405a33\"\u003e\u003ccode\u003e3c8a373\u003c/code\u003e\u003c/a\u003e 0.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/76abc939783fe3900fadb7d384a74d324d5557f3\"\u003e\u003ccode\u003e76abc93\u003c/code\u003e\u003c/a\u003e Switch to GitHub workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/746ca5dcb6667c5d364e782d53c542830e4c10b9\"\u003e\u003ccode\u003e746ca5d\u003c/code\u003e\u003c/a\u003e Fix issue where decode throws - fixes \u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/6\"\u003e#6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/486d7e26d3a8c0fbe860fb651fe1bc98c2f2be30\"\u003e\u003ccode\u003e486d7e2\u003c/code\u003e\u003c/a\u003e Update license (\u003ca href=\"https://redirect.github.com/SamVerschueren/decode-uri-component/issues/1\"\u003e#1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/a65045724e6234acef87f31da499d4807b20b134\"\u003e\u003ccode\u003ea650457\u003c/code\u003e\u003c/a\u003e Tidelift tasks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/commit/66e1c2834c0e189201cb65196ec3101372459b02\"\u003e\u003ccode\u003e66e1c28\u003c/code\u003e\u003c/a\u003e Meta tweaks\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `elliptic` from 6.5.1 to 6.6.1\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/9b77436a59cc35eccf4ffb848259c8762a492ee7\"\u003e\u003ccode\u003e9b77436\u003c/code\u003e\u003c/a\u003e 6.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/04cb6f54ce552b3ebde6be06d6050419e1c7333e\"\u003e\u003ccode\u003e04cb6f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/b8a7edd61a0d9bddd0bbf3436a4b476401edbe20\"\u003e\u003ccode\u003eb8a7edd\u003c/code\u003e\u003c/a\u003e 6.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/34c853478cec1be4e37260ed2cb12cdbdc6402cf\"\u003e\u003ccode\u003e34c8534\u003c/code\u003e\u003c/a\u003e fix: signature verification due to leading zeros\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/3e46a48fdd2ef2f89593e5e058d85530578c9761\"\u003e\u003ccode\u003e3e46a48\u003c/code\u003e\u003c/a\u003e 6.5.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11\"\u003e\u003ccode\u003eaccb61e\u003c/code\u003e\u003c/a\u003e lib: DER signature decoding correction\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/03e06e135c8e44a2da560fa197d0ba1e1e2759e9\"\u003e\u003ccode\u003e03e06e1\u003c/code\u003e\u003c/a\u003e 6.5.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281\"\u003e\u003ccode\u003e7ac5360\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/75700785ff41bb5d029d19186beff26d4883caa5\"\u003e\u003ccode\u003e7570078\u003c/code\u003e\u003c/a\u003e 6.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/elliptic/commit/206da2ee373e68466cde353f81fb59ef251b740b\"\u003e\u003ccode\u003e206da2e\u003c/code\u003e\u003c/a\u003e lib: lint\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/indutny/elliptic/compare/v6.5.1...v6.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.5.2 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.5.2...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `body-parser` from 1.18.3 to 1.20.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/releases\"\u003ebody-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.20.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThe reason for this release is a fix to the extended urlencoded parser returning objects instead of arrays for large array inputs (\u0026gt; 100) on qs@6.14.2+. (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/716\"\u003eexpressjs/body-parser#716\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/692\"\u003eexpressjs/body-parser#692\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correct off-by-one error in parameterCount by \u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/716\"\u003eexpressjs/body-parser#716\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps(qs): bump qs to 6.15.1 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/722\"\u003eexpressjs/body-parser#722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.20.5 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/721\"\u003eexpressjs/body-parser#721\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/abhu85\"\u003e\u003ccode\u003e@​abhu85\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/716\"\u003eexpressjs/body-parser#716\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSpecial thanks to triager \u003ca href=\"https://github.com/krzysdz\"\u003e\u003ccode\u003e@​krzysdz\u003c/code\u003e\u003c/a\u003e for keeping this on our radar and effectively triaging the specific issue!\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/body-parser/compare/1.20.4...1.20.5\"\u003ehttps://github.com/expressjs/body-parser/compare/1.20.4...1.20.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.20.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove redundant depth check by \u003ca href=\"https://github.com/blakeembrey\"\u003e\u003ccode\u003e@​blakeembrey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/538\"\u003eexpressjs/body-parser#538\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add support for Node.js v23 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/553\"\u003eexpressjs/body-parser#553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: restore CI for 1.x branch by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/665\"\u003eexpressjs/body-parser#665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@^6.14.0 by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/664\"\u003eexpressjs/body-parser#664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation and update certain dependencies by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/668\"\u003eexpressjs/body-parser#668\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: remove SECURITY.md by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/669\"\u003eexpressjs/body-parser#669\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add CodeQL (SAST) by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/670\"\u003eexpressjs/body-parser#670\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.20.4 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/672\"\u003eexpressjs/body-parser#672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/body-parser/compare/1.20.3...1.20.4\"\u003ehttps://github.com/expressjs/body-parser/compare/1.20.3...1.20.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.20.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eImportant\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIMPORTANT:\u003c/strong\u003e The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e). \u003ca href=\"https://github.com/expressjs/body-parser/blob/17529513673e39ba79886a7ce3363320cf1c0c50/README.md#depth\"\u003eDocumentation\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: add support for OSSF scorecard reporting by \u003ca href=\"https://github.com/inigomarquinez\"\u003e\u003ccode\u003e@​inigomarquinez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/522\"\u003eexpressjs/body-parser#522\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: fix errors in ci github action for node 8 and 9 by \u003ca href=\"https://github.com/inigomarquinez\"\u003e\u003ccode\u003e@​inigomarquinez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/523\"\u003eexpressjs/body-parser#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: pin to node@22.4.1 by \u003ca href=\"https://github.com/wesleytodd\"\u003e\u003ccode\u003e@​wesleytodd\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/527\"\u003eexpressjs/body-parser#527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@6.12.3 by \u003ca href=\"https://github.com/melikhov-dev\"\u003e\u003ccode\u003e@​melikhov-dev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/521\"\u003eexpressjs/body-parser#521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd OSSF Scorecard badge by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/531\"\u003eexpressjs/body-parser#531\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eLinter by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/534\"\u003eexpressjs/body-parser#534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 1.20.3 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/535\"\u003eexpressjs/body-parser#535\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/blob/1.20.5/HISTORY.md\"\u003ebody-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.20.5 / 2026-04-24\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction\u003c/li\u003e\n\u003cli\u003efix: extended urlencoded parsing of arrays with \u0026gt;100 elements (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edeps: qs@~6.15.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.4 / 2025-12-01\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@~6.14.0\u003c/li\u003e\n\u003cli\u003edeps: use tilde notation for dependencies\u003c/li\u003e\n\u003cli\u003edeps: http-errors@~2.0.1\u003c/li\u003e\n\u003cli\u003edeps: raw-body@~2.5.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.3 / 2024-09-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@6.13.0\u003c/li\u003e\n\u003cli\u003eadd \u003ccode\u003edepth\u003c/code\u003e option to customize the depth level in the parser\u003c/li\u003e\n\u003cli\u003eIMPORTANT: The default \u003ccode\u003edepth\u003c/code\u003e level for parsing URL-encoded data is now \u003ccode\u003e32\u003c/code\u003e (previously was \u003ccode\u003eInfinity\u003c/code\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.2 / 2023-02-21\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix strict json error message on Node.js 19+\u003c/li\u003e\n\u003cli\u003edeps: content-type@~1.0.5\n\u003cul\u003e\n\u003cli\u003eperf: skip value escaping when unnecessary\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: raw-body@2.5.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.1 / 2022-10-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@6.11.0\u003c/li\u003e\n\u003cli\u003eperf: remove unnecessary object clone\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e1.20.0 / 2022-04-02\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix error message for json parse whitespace in \u003ccode\u003estrict\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix internal error when inflated body exceeds limit\u003c/li\u003e\n\u003cli\u003ePrevent loss of async hooks context\u003c/li\u003e\n\u003cli\u003ePrevent hanging when request already read\u003c/li\u003e\n\u003cli\u003edeps: depd@2.0.0\n\u003cul\u003e\n\u003cli\u003eReplace internal \u003ccode\u003eeval\u003c/code\u003e usage with \u003ccode\u003eFunction\u003c/code\u003e constructor\u003c/li\u003e\n\u003cli\u003eUse instance methods on \u003ccode\u003eprocess\u003c/code\u003e to check for listeners\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: http-errors@2.0.0\n\u003cul\u003e\n\u003cli\u003edeps: depd@2.0.0\u003c/li\u003e\n\u003cli\u003edeps: statuses@2.0.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edeps: on-finished@2.4.1\u003c/li\u003e\n\u003cli\u003edeps: qs@6.10.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/0defdbe7f95ad0d3bc007d3a7c59c8c0ab9e6575\"\u003e\u003ccode\u003e0defdbe\u003c/code\u003e\u003c/a\u003e release(patch): 1.20.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/cd0e7a000c53e7be7262d303e57a352b6a00db7f\"\u003e\u003ccode\u003ecd0e7a0\u003c/code\u003e\u003c/a\u003e deps(qs): bump qs to 6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/6f24d7e8bcd9860b136920926ce86da1a7dd1d51\"\u003e\u003ccode\u003e6f24d7e\u003c/code\u003e\u003c/a\u003e fix: correct off-by-one error in parameterCount (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/716\"\u003e#716\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b849bd533d8b4abf5576a3e301f28d9befa05ddd\"\u003e\u003ccode\u003eb849bd5\u003c/code\u003e\u003c/a\u003e deps: qs@~6.14.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/690\"\u003e#690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/2c55e2f712f320a8e8d0f9fcb1d06526d0e401c9\"\u003e\u003ccode\u003e2c55e2f\u003c/code\u003e\u003c/a\u003e refactor(json): simplify strict mode error string construction (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/7db202cac84a001e6566c2dc6516b44db98beff3\"\u003e\u003ccode\u003e7db202c\u003c/code\u003e\u003c/a\u003e 1.20.4 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/672\"\u003e#672\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d8f8adb898676dfdf997b4455e5f9b689b53e989\"\u003e\u003ccode\u003ed8f8adb\u003c/code\u003e\u003c/a\u003e ci: add CodeQL (SAST) (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/6d133c19b3e7c0bb8301959ca1dba283d23d23c3\"\u003e\u003ccode\u003e6d133c1\u003c/code\u003e\u003c/a\u003e chore: remove SECURITY.md (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/669\"\u003e#669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/fcd15355041ada6f37288dd13858d50429016b66\"\u003e\u003ccode\u003efcd1535\u003c/code\u003e\u003c/a\u003e deps: use tilde notation and update certain dependencies (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/668\"\u003e#668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/ec5fa290d25d85e0049757e240249072331eaee6\"\u003e\u003ccode\u003eec5fa29\u003c/code\u003e\u003c/a\u003e deps: qs@~6.14.0 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/664\"\u003e#664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/body-parser/compare/1.18.3...1.20.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jonchurch\"\u003ejonchurch\u003c/a\u003e, a new releaser for body-parser since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.5.3 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8 - July 27th, 2023\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.7 - February 15th, 2021\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix weird error in integration tests - eb860c0\u003c/li\u003e\n\u003cli\u003efix: check prototype property access in strict-mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1736\"\u003e#1736\u003c/a\u003e) - b6d3de7\u003c/li\u003e\n\u003cli\u003efix: escape property names in compat mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1736\"\u003e#1736\u003c/a\u003e) - f058970\u003c/li\u003e\n\u003cli\u003erefactor: In spec tests, use expectTemplate over equals and shouldThrow (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1683\"\u003e#1683\u003c/a\u003e) - 77825f8\u003c/li\u003e\n\u003cli\u003echore: start testing on Node.js 12 and 13 - 3789a30\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e(POSSIBLY) BREAKING CHANGES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ethe changes from version \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md#v460---january-8th-2020\"\u003e4.6.0\u003c/a\u003e now also apply\nin when using the compile-option \u0026quot;strict: true\u0026quot;. Access to prototype properties is forbidden completely by default, specific properties or methods\ncan be allowed via runtime-options. See \u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1633\"\u003e#1633\u003c/a\u003e for details. If you are using Handlebars as documented, you should not be accessing prototype properties\nfrom your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThat is why we only bump the patch version despite mentioning breaking changes.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/wycats/handlebars.js/compare/v4.7.6...v4.7.7\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.6 - April 3rd, 2020\u003c/h2\u003e\n\u003cp\u003eChore/Housekeeping:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/wycats/handlebars.js/issues/1672\"\u003e#1672\u003c/a\u003e - Switch cmd parser to latest minimist (\u003ca href=\"https://api.github.com/users/dougwilson\"\u003e\u003ccode\u003e@​dougwilson\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCompatibility notes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestored Node.js compatibility\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/...\n\n_Description has been truncated_","html_url":"https://github.com/elkozmon/zoonavigator/pull/159","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/elkozmon%2Fzoonavigator/issues/159","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/159/packages"}},{"old_version":"1.12.1","new_version":"1.13.8","update_type":"minor","path":null,"pr_created_at":"2026-05-22T21:48:21.000Z","version_change":"1.12.1 → 1.13.8","issue":{"uuid":"4505778976","node_id":"PR_kwDOBTb13s7egQUz","number":152,"state":"closed","title":"build(deps): bump the web-npm-minor-patch group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-23T08:43:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T21:48:21.000Z","updated_at":"2026-05-23T08:43:30.000Z","time_to_close":39307,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"web-npm-minor-patch","update_count":9,"packages":[{"name":"file-saver","old_version":"2.0.2","new_version":"2.0.5","repository_url":"https://github.com/eligrey/FileSaver.js"},{"name":"js-beautify","old_version":"1.10.2","new_version":"1.15.4","repository_url":"https://github.com/beautifier/js-beautify"},{"name":"rxjs-compat","old_version":"6.5.3","new_version":"6.6.7"},{"name":"underscore","old_version":"1.12.1","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"@types/underscore","old_version":"1.9.4","new_version":"1.13.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"zone.js","old_version":"0.8.29","new_version":"0.16.2","repository_url":"https://github.com/angular/angular"},{"name":"@types/text-encoding-utf-8","old_version":"1.0.1","new_version":"1.0.5","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"karma-chrome-launcher","old_version":"3.1.0","new_version":"3.2.0","repository_url":"https://github.com/karma-runner/karma-chrome-launcher"},{"name":"sass","old_version":"1.89.2","new_version":"1.100.0","repository_url":"https://github.com/sass/dart-sass"}],"path":null,"ecosystem":"npm"},"body":"Bumps the web-npm-minor-patch group with 9 updates in the /web directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [file-saver](https://github.com/eligrey/FileSaver.js) | `2.0.2` | `2.0.5` |\n| [js-beautify](https://github.com/beautifier/js-beautify) | `1.10.2` | `1.15.4` |\n| rxjs-compat | `6.5.3` | `6.6.7` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.12.1` | `1.13.8` |\n| [@types/underscore](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/underscore) | `1.9.4` | `1.13.0` |\n| [zone.js](https://github.com/angular/angular/tree/HEAD/packages/zone.js) | `0.8.29` | `0.16.2` |\n| [@types/text-encoding-utf-8](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/text-encoding-utf-8) | `1.0.1` | `1.0.5` |\n| [karma-chrome-launcher](https://github.com/karma-runner/karma-chrome-launcher) | `3.1.0` | `3.2.0` |\n| [sass](https://github.com/sass/dart-sass) | `1.89.2` | `1.100.0` |\n\n\nUpdates `file-saver` from 2.0.2 to 2.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eligrey/FileSaver.js/releases\"\u003efile-saver's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.4\u003c/h2\u003e\n\u003cp\u003echanges how it detect safari\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eligrey/FileSaver.js/blob/master/CHANGELOG.md\"\u003efile-saver's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eligrey/FileSaver.js/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-beautify` from 1.10.2 to 1.15.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/beautifier/js-beautify/releases\"\u003ejs-beautify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.3 🌈\u003c/h2\u003e\n\u003cp\u003eDowngrade \u003ccode\u003eglob\u003c/code\u003e to v10.x for Node.js 18.x support\u003c/p\u003e\n\u003ch2\u003ev1.15.2 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.15.1 🌈\u003c/h2\u003e\n\u003ch2\u003eHOTFIX\u003c/h2\u003e\n\u003cp\u003eMerged \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2288\"\u003e#2288\u003c/a\u003e to beautifier.io dropping \u003ccode\u003epolyfill.io\u003c/code\u003e  usage.\u003c/p\u003e\n\u003ch2\u003ev1.15.0 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.11 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.9 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.8 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.6 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.5 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.4\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.3\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.2 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.14.0 🌈\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.13.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.12.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003ch2\u003ev1.11.0\u003c/h2\u003e\n\u003cp\u003eNo release notes provided.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/beautifier/js-beautify/blob/main/CHANGELOG.md\"\u003ejs-beautify's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade nopt to v7.x to maintain Node.js v14 compatibility (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2358\"\u003e#2358\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix node 18 support by downgrading glob to v10 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2350\"\u003e#2350\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch SNYK-JS-CROSSSPAWN-8303230 issue brought it through old glob package (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erelease wheels on pypi (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2313\"\u003e#2313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eModuleNotFoundError: No module named 'setuptools.command.test' as of latest setuptools package release (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2301\"\u003e#2301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Python]Compatible with setuptools\u0026gt;=72 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2300\"\u003e#2300\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTurn new angular templating off by default in html (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2247\"\u003e#2247\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePerf regression in latest release (1.15.0) (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2246\"\u003e#2246\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2219\"\u003e#2219\u003c/a\u003e - formatting of new Angular control flow syntax (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2221\"\u003e#2221\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eEditor not working \u003ca href=\"https://beautifier.io/\"\u003ehttps://beautifier.io/\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2201\"\u003e#2201\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSet nodejs minimum to v14 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInvalid prettification of object with unicode escape character as object key (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2159\"\u003e#2159\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003einvalid json being generated with wrap_line_length (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/1932\"\u003e#1932\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump semver and editorconfig (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2161\"\u003e#2161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate editorconfig package (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2160\"\u003e#2160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow to configure the \u0026quot;custom elements as inline elements\u0026quot; behavior (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2113\"\u003e#2113\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire nodejs v12 or greater (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2151\"\u003e#2151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCSS insideNonNestedAtRule generic variable  (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2147\"\u003e#2147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate dependencies (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2145\"\u003e#2145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI build (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2144\"\u003e#2144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2133\"\u003e#2133\u003c/a\u003e Theme Toggle on without_codemirror Mode (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2138\"\u003e#2138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003euse correct variable name (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2135\"\u003e#2135\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: Fix a few typos (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd support for new record types (cont.) (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2118\"\u003e#2118\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix - semicolon followed by block statement doesnt have new line (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2117\"\u003e#2117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix formatting related to the \u003c!-- raw HTML omitted --\u003e element (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2114\"\u003e#2114\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eissue prettifying (function(){code();{code}})() (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/1852\"\u003e#1852\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDoc: Updates web browser implementation examples (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/pull/2107\"\u003e#2107\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHTML formatter breaks layout by introducing newlines (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/1989\"\u003e#1989\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGlobs no longer work on Windows in 1.14.5 (\u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/1eab9a1c5e360f375cd77cafc3921ec7558fb705\"\u003e\u003ccode\u003e1eab9a1\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/staging/main' into staging/release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/b8174edb90f0f6fe05372ba61b1fbaa1793af5c3\"\u003e\u003ccode\u003eb8174ed\u003c/code\u003e\u003c/a\u003e Bump version numbers for 1.15.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/0f0b61a18e348087e87c55dd77045f73a393a96f\"\u003e\u003ccode\u003e0f0b61a\u003c/code\u003e\u003c/a\u003e Update Changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/11faca4ea08aaf86f4b547a5b0cf9518592fd8c9\"\u003e\u003ccode\u003e11faca4\u003c/code\u003e\u003c/a\u003e Downgrade nopt to maintain nodejs 14 support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/53bf08942f6dd2f502585ac459c3d98937a0476b\"\u003e\u003ccode\u003e53bf089\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2353\"\u003e#2353\u003c/a\u003e from beautifier/staging/release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/bc8ce4b436d8a42ae8ee0d1da05bdb64fbaad684\"\u003e\u003ccode\u003ebc8ce4b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2352\"\u003e#2352\u003c/a\u003e from beautifier/staging/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/78748ead003a548236f4e106cc66b4df829b7e21\"\u003e\u003ccode\u003e78748ea\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/staging/main' into staging/release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/f37ab9177821df250b1794ddac3f1bcc2a99eaab\"\u003e\u003ccode\u003ef37ab91\u003c/code\u003e\u003c/a\u003e Bump version numbers for 1.15.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/aaeb85b78864f91accae112b325769724e295acd\"\u003e\u003ccode\u003eaaeb85b\u003c/code\u003e\u003c/a\u003e Update Changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/beautifier/js-beautify/commit/dc9880bc5c376d6371c181824acb5e9b93a26073\"\u003e\u003ccode\u003edc9880b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/beautifier/js-beautify/issues/2350\"\u003e#2350\u003c/a\u003e from weiwei/fix-node-dep\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/beautifier/js-beautify/compare/v1.10.2...v1.15.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rxjs-compat` from 6.5.3 to 6.6.7\n\nUpdates `underscore` from 1.12.1 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.12.1...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/underscore` from 1.9.4 to 1.13.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/underscore\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `zone.js` from 0.8.29 to 0.16.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/angular/angular/blob/main/packages/zone.js/CHANGELOG.md\"\u003ezone.js's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e0.16.2 (2026-05-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat(zone.js): support vitest patching in zone.js/testing (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/68395\"\u003e#68395\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/62c6e3b\"\u003e62c6e3b\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/68395\"\u003e#68395\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/68395\"\u003e#68395\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(zone.js): allow draining microtasks in \u003ccode\u003ePromise.then\u003c/code\u003e (through flag) (\u003ca href=\"https://github.com/angular/angular/commit/fc6a7ee\"\u003efc6a7ee\u003c/a\u003e), closes \u003ca href=\"https://github.com/angular/issues/45273\"\u003eangular#45273\u003c/a\u003e \u003ca href=\"https://github.com/angular/issues/44446\"\u003eangular#44446\u003c/a\u003e \u003ca href=\"https://github.com/angular/issues/55590\"\u003eangular#55590\u003c/a\u003e \u003ca href=\"https://github.com/angular/issues/51328\"\u003eangular#51328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e0.16.1 (2026-02-18)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(zone.js): support passthrough of Promise.try API (\u003ca href=\"https://github.com/angular/angular/commit/fc557f0\"\u003efc557f0\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/67057\"\u003e#67057\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e0.16.0 (2025-11-19)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(zone.js): Support jasmine v6 (\u003ca href=\"https://github.com/angular/angular/commit/48abe00\"\u003e48abe00\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix(zone.js): waitForAsync should pass args to the test function (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/61755\"\u003e#61755\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/3c216c1\"\u003e3c216c1\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/61755\"\u003e#61755\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/61717\"\u003e#61717\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/61755\"\u003e#61755\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): Add internal implementation for auto ticking fakeAsync (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/62135\"\u003e#62135\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/0a827f9\"\u003e0a827f9\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/62135\"\u003e#62135\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/62135\"\u003e#62135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): Improve missing proxy zone error for jest imported (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/64497\"\u003e#64497\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/ced2fa5\"\u003eced2fa5\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/64497\"\u003e#64497\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/47603\"\u003e#47603\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/64497\"\u003e#64497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): remove legacy browser support (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/63511\"\u003e#63511\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/2e46596\"\u003e2e46596\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/63511\"\u003e#63511\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/63511\"\u003e#63511\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(zone.js): remove unused jasmine globalerror monkey patching. (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/63077\"\u003e#63077\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/9aef481\"\u003e9aef481\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/63077\"\u003e#63077\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/63072\"\u003e#63072\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/63077\"\u003e#63077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest(zone.js): refactor tests to remove usage of shelljs (\u003ca href=\"https://github.com/angular/angular/tree/HEAD/packages/zone.js/issues/64042\"\u003e#64042\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/422a3b9\"\u003e422a3b9\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/64042\"\u003e#64042\u003c/a\u003e \u003ca href=\"https://redirect.github.com/angular/angular/issues/64042\"\u003e#64042\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBREAKING CHANGE\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIE/Non-Chromium Edge are not supported anymore.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/angular/angular/compare/zone.js-0.15.0...zone.js-0.15.1\"\u003e0.15.1\u003c/a\u003e (2025-05-22)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e classes that extend Error should retain cause property (\u003ca href=\"https://redirect.github.com/angular/angular/issues/61599\"\u003e#61599\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/ad8931cb4968b2bd25b05dcd3d856ec32e4d7145\"\u003ead8931c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e more robust check for promise-like objects (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57388\"\u003e#57388\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/e608e6cfbbc9fba7c74bfef72f102a502e951e6c\"\u003ee608e6c\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/57385\"\u003e#57385\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e remove \u003ccode\u003eabort\u003c/code\u003e listener once fetch is settled (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57882\"\u003e#57882\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/69763491c3ffb576822b179af3363ec666d43bce\"\u003e6976349\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/angular/angular/compare/zone.js-0.14.10...zone.js-0.15.0\"\u003e0.15.0\u003c/a\u003e (2024-08-15)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e Add support for addition jest functions. (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57280\"\u003e#57280\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/e1240c6f5d9a3d68ccef7ffbf0a0646ad1164cd8\"\u003ee1240c6\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/angular/angular/issues/57277\"\u003e#57277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e Update the default behavior of fakeAsync to flush after the test (\u003ca href=\"https://redirect.github.com/angular/angular/issues/57240\"\u003e#57240\u003c/a\u003e) (\u003ca href=\"https://github.com/angular/angular/commit/70e8b40750e894bc1439713cd508d8bd9fafb7a4\"\u003e70e8b40\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ezone.js:\u003c/strong\u003e \u003ccode\u003efakeAsync\u003c/code\u003e will now flush pending timers at the end of\nthe given function by default. To opt-out of this, you can use \u003ccode\u003e{flush: false}\u003c/code\u003e in options parameter of \u003ccode\u003efakeAsync\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/angular/angular/compare/zone.js-0.14.8...zone.js-0.14.10\"\u003e0.14.10\u003c/a\u003e (2024-08-05)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/angular/angular/commits/zone.js-0.16.2/packages/zone.js\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~google-wombot\"\u003egoogle-wombot\u003c/a\u003e, a new releaser for zone.js since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/text-encoding-utf-8` from 1.0.1 to 1.0.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/text-encoding-utf-8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/underscore` from 1.9.4 to 1.13.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/underscore\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `karma-chrome-launcher` from 3.1.0 to 3.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/releases\"\u003ekarma-chrome-launcher's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.1...v3.2.0\"\u003e3.2.0\u003c/a\u003e (2023-04-20)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd process.env.ProgramW6432 as root location for binaries (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/12a73dba261c78fdba4aff4dbb741ac87adfed01\"\u003e12a73db\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.0...v3.1.1\"\u003e3.1.1\u003c/a\u003e (2022-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eartificially trigger a release (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/83fdc3ca5666374c677408ed0589e66b1124bec4\"\u003e83fdc3c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/blob/master/CHANGELOG.md\"\u003ekarma-chrome-launcher's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.1...v3.2.0\"\u003e3.2.0\u003c/a\u003e (2023-04-20)\u003c/h1\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd process.env.ProgramW6432 as root location for binaries (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/12a73dba261c78fdba4aff4dbb741ac87adfed01\"\u003e12a73db\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.0...v3.1.1\"\u003e3.1.1\u003c/a\u003e (2022-03-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eartificially trigger a release (\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/83fdc3ca5666374c677408ed0589e66b1124bec4\"\u003e83fdc3c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/e92a2b4c19d43fe47a3322a31f72d2a5bfcf77b0\"\u003e\u003ccode\u003ee92a2b4\u003c/code\u003e\u003c/a\u003e chore(release): 3.2.0 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/12a73dba261c78fdba4aff4dbb741ac87adfed01\"\u003e\u003ccode\u003e12a73db\u003c/code\u003e\u003c/a\u003e feat: add process.env.ProgramW6432 as root location for binaries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/d193ef328ed9cb6474b59137e106cf67319f5262\"\u003e\u003ccode\u003ed193ef3\u003c/code\u003e\u003c/a\u003e build(deps): bump semver-regex from 3.1.3 to 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/d1c05e372a4c3f1c784257f4127bab1ff0460afe\"\u003e\u003ccode\u003ed1c05e3\u003c/code\u003e\u003c/a\u003e build(deps): bump engine.io and karma\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/3f0cd9985703fae99d123530600c248f0df9209a\"\u003e\u003ccode\u003e3f0cd99\u003c/code\u003e\u003c/a\u003e build(deps): bump qs and body-parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/5f3cbb1df8a95ab212c8dbb8ff1f03efbaf9a3c6\"\u003e\u003ccode\u003e5f3cbb1\u003c/code\u003e\u003c/a\u003e chore(release): 3.1.1 [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/83fdc3ca5666374c677408ed0589e66b1124bec4\"\u003e\u003ccode\u003e83fdc3c\u003c/code\u003e\u003c/a\u003e fix: artificially trigger a release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/4dc0bd282c9a20e8ebdbbb0b636816959f498195\"\u003e\u003ccode\u003e4dc0bd2\u003c/code\u003e\u003c/a\u003e docs: fix Karma's url\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/5400b23199c682bc6bc00739fd6a8d9f6c520bed\"\u003e\u003ccode\u003e5400b23\u003c/code\u003e\u003c/a\u003e docs: explain testing, linting and commit linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/commit/d2ad8c69f7f88e479ac6b40e4e699232d8a675c3\"\u003e\u003ccode\u003ed2ad8c6\u003c/code\u003e\u003c/a\u003e build: disallow \u003ccode\u003echore\u003c/code\u003e type commits\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/karma-runner/karma-chrome-launcher/compare/v3.1.0...v3.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sass` from 1.89.2 to 1.100.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sass/dart-sass/releases\"\u003esass's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDart Sass 1.100.0\u003c/h2\u003e\n\u003cp\u003eTo install Sass 1.100.0, download one of the packages below and \u003ca href=\"https://katiek2.github.io/path-doc/\"\u003eadd it to your PATH\u003c/a\u003e, or see \u003ca href=\"https://sass-lang.com/install\"\u003ethe Sass website\u003c/a\u003e for full installation instructions.\u003c/p\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eWriting two compound selectors adjacent to one another without any whitespace between them, such as \u003ccode\u003e[class]a\u003c/code\u003e, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/adjacent-compounds\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#11000\"\u003efull changelog\u003c/a\u003e for changes in earlier releases.\u003c/p\u003e\n\u003ch2\u003eDart Sass 1.99.0\u003c/h2\u003e\n\u003cp\u003eTo install Sass 1.99.0, download one of the packages below and \u003ca href=\"https://katiek2.github.io/path-doc/\"\u003eadd it to your PATH\u003c/a\u003e, or see \u003ca href=\"https://sass-lang.com/install\"\u003ethe Sass website\u003c/a\u003e for full installation instructions.\u003c/p\u003e\n\u003ch1\u003eChanges\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for parent selectors (\u003ccode\u003e\u0026amp;\u003c/code\u003e) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Selectors/Nesting_selector#using_outside_nested_rule\"\u003ethe scoping root\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003ecalc\u003c/code\u003e or \u003ccode\u003eclamp\u003c/code\u003e are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in \u003ccode\u003ecalc()\u003c/code\u003e or \u003ccode\u003eclamp()\u003c/code\u003e function.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-expression\u003c/code\u003e, \u003ccode\u003e-url\u003c/code\u003e, \u003ccode\u003e-and\u003c/code\u003e, \u003ccode\u003e-or\u003c/code\u003e, or \u003ccode\u003e-not\u003c/code\u003e are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003eEXPRESSION\u003c/code\u003e, \u003ccode\u003eURL\u003c/code\u003e, and \u003ccode\u003eELEMENT\u003c/code\u003e, those that begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-ELEMENT\u003c/code\u003e, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn a future release, calls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-expression\u003c/code\u003e and \u003ccode\u003e-url\u003c/code\u003e will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCalls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-progid:...\u003c/code\u003e are deprecated.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/sass/dart-sass/blob/master/CHANGELOG.md#1990\"\u003efull changelog\u003c/a\u003e for changes in earlier releases.\u003c/p\u003e\n\u003ch2\u003eDart Sass 1.98.0\u003c/h2\u003e\n\u003cp\u003eTo install Sass 1.98.0, download one of the packages below and \u003ca href=\"https://katiek2.github.io/path-doc/\"\u003eadd it to your PATH\u003c/a\u003e, or see \u003ca href=\"https://sass-lang.com/install\"\u003ethe Sass website\u003c/a\u003e for full installation instructions.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sass/dart-sass/blob/main/CHANGELOG.md\"\u003esass's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.100.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eWriting two compound selectors adjacent to one another without any whitespace\nbetween them, such as \u003ccode\u003e[class]a\u003c/code\u003e, is now deprecated. This was always an error\nin CSS and Sass only supported it by mistake.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/adjacent-compounds\"\u003ethe Sass website\u003c/a\u003e for\ndetails.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.99.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for parent selectors (\u003ccode\u003e\u0026amp;\u003c/code\u003e) at the root of the document. These are\nemitted as-is in the CSS output, where they're interpreted as \u003ca href=\"https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Selectors/Nesting_selector#using_outside_nested_rule\"\u003ethe scoping\nroot\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003ecalc\u003c/code\u003e or \u003ccode\u003eclamp\u003c/code\u003e are no longer forbidden. If\nsuch a function exists without a namespace in the current module, it will be\nused instead of the built-in \u003ccode\u003ecalc()\u003c/code\u003e or \u003ccode\u003eclamp()\u003c/code\u003e function.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-expression\u003c/code\u003e,\n\u003ccode\u003e-url\u003c/code\u003e, \u003ccode\u003e-and\u003c/code\u003e, \u003ccode\u003e-or\u003c/code\u003e, or \u003ccode\u003e-not\u003c/code\u003e are no longer forbidden. These were\noriginally intended to match vendor prefixes, but in practice no vendor\nprefixes for these functions ever existed in real browsers.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUser-defined functions named \u003ccode\u003eEXPRESSION\u003c/code\u003e, \u003ccode\u003eURL\u003c/code\u003e, and \u003ccode\u003eELEMENT\u003c/code\u003e, those that\nbegin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-ELEMENT\u003c/code\u003e, as well as the same names with some\nlowercase letters are now deprecated, These are names conflict with plain CSS\nfunctions that have special syntax.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eIn a future release, calls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end\nwith \u003ccode\u003e-expression\u003c/code\u003e and \u003ccode\u003e-url\u003c/code\u003e will no longer have special parsing. For now,\nthese calls are deprecated if their behavior will change in the future.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eCalls to functions whose names begin with \u003ccode\u003e-\u003c/code\u003e and end with \u003ccode\u003e-progid:...\u003c/code\u003e are\ndeprecated.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://sass-lang.com/d/function-name\"\u003ethe Sass website\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.98.0\u003c/h2\u003e\n\u003ch3\u003eCommand-Line Interface\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGracefully handle dependency loops in \u003ccode\u003e--watch\u003c/code\u003e mode.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/5fd18c75e31a855476059fb6fb0c6aa829292739\"\u003e\u003ccode\u003e5fd18c7\u003c/code\u003e\u003c/a\u003e Bump node engine requirement to \u0026gt;=20.19.0 and chokidar requirement to ^5.0.0 ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/8c1d984e420d891c9c92ba1afc8b28e70a2afb78\"\u003e\u003ccode\u003e8c1d984\u003c/code\u003e\u003c/a\u003e Deprecate adjacent compound selectors (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2765\"\u003e#2765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/8e5f7180b4f3de4281d3454090548c03e9db8135\"\u003e\u003ccode\u003e8e5f718\u003c/code\u003e\u003c/a\u003e Bump postcss from 8.5.12 to 8.5.13 in /pkg/sass-parser (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2767\"\u003e#2767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/1447f9b42e89d693ce308bad9cbf8ec3e1db78c4\"\u003e\u003ccode\u003e1447f9b\u003c/code\u003e\u003c/a\u003e Bump postcss from 8.5.8 to 8.5.12 in /pkg/sass-parser (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2766\"\u003e#2766\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/83c39fec93ab0dc183a46cff2bc468999ce53e20\"\u003e\u003ccode\u003e83c39fe\u003c/code\u003e\u003c/a\u003e Support the top-level parent selector (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2758\"\u003e#2758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/ec85871864ca16f8045e66ad329bd462e791bfa1\"\u003e\u003ccode\u003eec85871\u003c/code\u003e\u003c/a\u003e Bump EndBug/add-and-commit from 9 to 10 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2756\"\u003e#2756\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/a604acd19ad2ce31ef2efe9aa5950b0c5fcc74a9\"\u003e\u003ccode\u003ea604acd\u003c/code\u003e\u003c/a\u003e [Function Name] Implement changes (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2731\"\u003e#2731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/5a81ae3348caab2131ee08c8c0141337420372b5\"\u003e\u003ccode\u003e5a81ae3\u003c/code\u003e\u003c/a\u003e Bump version to 1.98.0 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2754\"\u003e#2754\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/e25e71ddd86b29b6a91f189a1211656081d1932a\"\u003e\u003ccode\u003ee25e71d\u003c/code\u003e\u003c/a\u003e Update immutable to v5.1.5 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2753\"\u003e#2753\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sass/dart-sass/commit/43fac1a989ce2a9ee66d95d99f739881462ee3a8\"\u003e\u003ccode\u003e43fac1a\u003c/code\u003e\u003c/a\u003e Bump actions/upload-artifact from 6 to 7 (\u003ca href=\"https://redirect.github.com/sass/dart-sass/issues/2747\"\u003e#2747\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sass/dart-sass/compare/1.89.2...1.100.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for sass since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/elkozmon/zoonavigator/pull/152","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/elkozmon%2Fzoonavigator/issues/152","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/152/packages"}},{"old_version":"1.13.7","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-19T17:41:03.000Z","version_change":"1.13.7 → 1.13.8","issue":{"uuid":"4479645509","node_id":"PR_kwDOJEmqjs7dLl_R","number":942,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 20 updates","user":"dependabot[bot]","labels":["dependencies","no-pr-activity","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-19T17:41:03.000Z","updated_at":"2026-05-27T01:26:46.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":20,"packages":[{"name":"fastify","old_version":"4.29.0","new_version":"5.8.5","repository_url":"https://github.com/fastify/fastify"},{"name":"undici","old_version":"6.20.1","new_version":"6.24.0","repository_url":"https://github.com/nodejs/undici"},{"name":"@protobufjs/utf8","old_version":"1.1.0","new_version":"1.1.1","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"ajv","old_version":"8.17.1","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"defu","old_version":"6.1.4","new_version":"6.1.7","repository_url":"https://github.com/unjs/defu"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"h3","old_version":"1.13.0","new_version":"1.15.11","repository_url":"https://github.com/h3js/h3"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"markdown-it","old_version":"14.1.0","new_version":"14.1.1","repository_url":"https://github.com/markdown-it/markdown-it"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"pbkdf2","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/browserify/pbkdf2"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"rollup","old_version":"4.28.1","new_version":"4.60.4","repository_url":"https://github.com/rollup/rollup"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastify](https://github.com/fastify/fastify) | `4.29.0` | `5.8.5` |\n| [undici](https://github.com/nodejs/undici) | `6.20.1` | `6.24.0` |\n| [@protobufjs/utf8](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.20.0` |\n| [defu](https://github.com/unjs/defu) | `6.1.4` | `6.1.7` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [h3](https://github.com/h3js/h3) | `1.13.0` | `1.15.11` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `14.1.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.2` |\n| [rollup](https://github.com/rollup/rollup) | `4.28.1` | `4.60.4` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n\nBumps the npm_and_yarn group with 4 updates in the /sdk directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch), [picomatch](https://github.com/micromatch/picomatch) and [rollup](https://github.com/rollup/rollup).\n\nUpdates `fastify` from 4.29.0 to 5.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fastify/releases\"\u003efastify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.8.5\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cp\u003eThis fixes CVE CVE-2026-33806 \u003ca href=\"https://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963\"\u003ehttps://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: Fix port parsing by \u003ca href=\"https://github.com/jsumners\"\u003e\u003ccode\u003e@​jsumners\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6603\"\u003efastify/fastify#6603\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: upgrade to typescript v6.0.2 by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6605\"\u003efastify/fastify#6605\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: restore trustProxy function for number and string types, add null check for socketAddr by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6613\"\u003efastify/fastify#6613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reduce cron scheduled workflows from daily/weekly to monthly by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6623\"\u003efastify/fastify#6623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6629\"\u003efastify/fastify#6629\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6632\"\u003efastify/fastify#6632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump borp from 0.21.0 to 1.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6633\"\u003efastify/fastify#6633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6630\"\u003efastify/fastify#6630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(ecosystem): add \u003ccode\u003e@​pompelmi/fastify-plugin\u003c/code\u003e by \u003ca href=\"https://github.com/SonoTommy\"\u003e\u003ccode\u003e@​SonoTommy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6610\"\u003efastify/fastify#6610\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonoTommy\"\u003e\u003ccode\u003e@​SonoTommy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6610\"\u003efastify/fastify#6610\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify/compare/v5.8.4...v5.8.5\"\u003ehttps://github.com/fastify/fastify/compare/v5.8.4...v5.8.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.8.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify/compare/v5.8.3...v5.8.4\"\u003ehttps://github.com/fastify/fastify/compare/v5.8.3...v5.8.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.8.3\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cp\u003eThis fixes CVE CVE-2026-3635 \u003ca href=\"https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf\"\u003ehttps://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs(readme): add \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e to plugin team by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6565\"\u003efastify/fastify#6565\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated Plugins-Guide.md; Changed \u0026quot;fastify\u0026quot; to \u0026quot;instance\u0026quot; during plugin registration to showcase that it's added as a child by \u003ca href=\"https://github.com/kyrylchenko\"\u003e\u003ccode\u003e@​kyrylchenko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6566\"\u003efastify/fastify#6566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: use fastify.test in test case by \u003ca href=\"https://github.com/climba03003\"\u003e\u003ccode\u003e@​climba03003\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6568\"\u003efastify/fastify#6568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: use fastify.example in documentation by \u003ca href=\"https://github.com/climba03003\"\u003e\u003ccode\u003e@​climba03003\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6567\"\u003efastify/fastify#6567\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add common performance degradation guidance by \u003ca href=\"https://github.com/maxpetrusenko\"\u003e\u003ccode\u003e@​maxpetrusenko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6520\"\u003efastify/fastify#6520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(server): fix camelCase anchor links in TOC by \u003ca href=\"https://github.com/Deepvamja\"\u003e\u003ccode\u003e@​Deepvamja\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6530\"\u003efastify/fastify#6530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(link-checker): fix root-relative links resolution by \u003ca href=\"https://github.com/barba-rossa\"\u003e\u003ccode\u003e@​barba-rossa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6535\"\u003efastify/fastify#6535\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update syntax markdown, absolute paths and links by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6569\"\u003efastify/fastify#6569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify content-type parser/schema mismatch is outside threat model by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6537\"\u003efastify/fastify#6537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix incorrect code examples in Reply and Request reference by \u003ca href=\"https://github.com/mahmoodhamdi\"\u003e\u003ccode\u003e@​mahmoodhamdi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6582\"\u003efastify/fastify#6582\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: replace redirected npm.im http-errors link by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6588\"\u003efastify/fastify#6588\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: Allow port to be null in request type definition by \u003ca href=\"https://github.com/TristanBarlow\"\u003e\u003ccode\u003e@​TristanBarlow\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6589\"\u003efastify/fastify#6589\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update links by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6593\"\u003efastify/fastify#6593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(lock-threads): use shared lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6592\"\u003efastify/fastify#6592\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kyrylchenko\"\u003e\u003ccode\u003e@​kyrylchenko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6566\"\u003efastify/fastify#6566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/maxpetrusenko\"\u003e\u003ccode\u003e@​maxpetrusenko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6520\"\u003efastify/fastify#6520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Deepvamja\"\u003e\u003ccode\u003e@​Deepvamja\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6530\"\u003efastify/fastify#6530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/barba-rossa\"\u003e\u003ccode\u003e@​barba-rossa\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6535\"\u003efastify/fastify#6535\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/3983cce8124714242099e8756a7a9a80a0ba0aea\"\u003e\u003ccode\u003e3983cce\u003c/code\u003e\u003c/a\u003e Bumped v5.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/3ce3ae6752dbed672759856081af9cb1e2733105\"\u003e\u003ccode\u003e3ce3ae6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/b06a196b694c0c7aed53976cd77456f1ad7d4c9f\"\u003e\u003ccode\u003eb06a196\u003c/code\u003e\u003c/a\u003e docs(ecosystem): add \u003ccode\u003e@​pompelmi/fastify-plugin\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6610\"\u003e#6610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/909c5d5329536b0acc004da7649b3da8af9273b2\"\u003e\u003ccode\u003e909c5d5\u003c/code\u003e\u003c/a\u003e chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6630\"\u003e#6630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/4db21a36ddb588acaebf5a4472ccb3b0d5fc9db0\"\u003e\u003ccode\u003e4db21a3\u003c/code\u003e\u003c/a\u003e chore: Bump borp from 0.21.0 to 1.0.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6633\"\u003e#6633\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/0f4e544c8acd7c42df347936e613a73cecc4f3fe\"\u003e\u003ccode\u003e0f4e544\u003c/code\u003e\u003c/a\u003e chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6632\"\u003e#6632\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/33a2fcd39de584713495bf4b3bd864137746f224\"\u003e\u003ccode\u003e33a2fcd\u003c/code\u003e\u003c/a\u003e chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6629\"\u003e#6629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/fd35d829a8cd496a3c1170c0c1c021130e3ca0e8\"\u003e\u003ccode\u003efd35d82\u003c/code\u003e\u003c/a\u003e ci: reduce cron schedules from daily/weekly to monthly (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6623\"\u003e#6623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/8dee9be05ebf683cd212aeff1d294f6ea1ec405c\"\u003e\u003ccode\u003e8dee9be\u003c/code\u003e\u003c/a\u003e fix: restore trustProxy function for number and string types, add null check ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/d457aeda8611777389c7e4713a288eb7ddb9a389\"\u003e\u003ccode\u003ed457aed\u003c/code\u003e\u003c/a\u003e chore: upgrade to typescript v6.0.2 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6605\"\u003e#6605\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fastify/compare/v4.29.0...v5.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~climba03003\"\u003eclimba03003\u003c/a\u003e, a new releaser for fastify since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 6.20.1 to 6.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.23.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a444e4f13e8958b4e1ac42bc0d53ace7fba0a9c1\"\u003e\u003ccode\u003ea444e4f\u003c/code\u003e\u003c/a\u003e test: stabilize h2 and tls-cert-leak under current test runner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/dc032a1050d5489b8ce9b4c22aafba98a942f87b\"\u003e\u003ccode\u003edc032a1\u003c/code\u003e\u003c/a\u003e fix: h2 CI (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4395\"\u003e#4395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4cd3f4b3a2ef910ba728c47ae78294d956410450\"\u003e\u003ccode\u003e4cd3f4b\u003c/code\u003e\u003c/a\u003e test: increase bitness in \u003ccode\u003etest/fixtures/*.pem\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/3659\"\u003e#3659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7df6442194b7a54e9ac734335e6e0a56a9bc6666\"\u003e\u003ccode\u003e7df6442\u003c/code\u003e\u003c/a\u003e fix: adapt websocket frame-limit handling for v6 parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4e0179ae643e6f4380f24cc3683c1b1ca2afb094\"\u003e\u003ccode\u003e4e0179a\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5a97f0893b53ba7d1d5549d3df7e55d9c2673f89\"\u003e\u003ccode\u003e5a97f08\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/e43e898603dd5e0c14a75b08b83257598d664a39\"\u003e\u003ccode\u003ee43e898\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v6.20.1...v6.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@protobufjs/utf8` from 1.1.0 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dcodeIO/protobuf.js/releases\"\u003e@​protobufjs/utf8's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs-cli: v1.1.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.0...protobufjs-cli-v1.1.1\"\u003e1.1.1\u003c/a\u003e (2023-02-02)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e fix relative path to Google pb files (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/1859\"\u003e#1859\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e42eea4868b11f4a07934804a56683321ed191e2\"\u003ee42eea4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ab3862d133ab9b824f12eab5f993784333543dbf\"\u003e\u003ccode\u003eab3862d\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2255\"\u003e#2255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e\u003ccode\u003e0853a62\u003c/code\u003e\u003c/a\u003e fix: Backport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/d7035f9b7f06210ea343cab1f2f1cc18ee5cc1d6\"\u003e\u003ccode\u003ed7035f9\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e\u003ccode\u003e54b593f\u003c/code\u003e\u003c/a\u003e fix: Backport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dcodeIO/protobuf.js/compare/protobufjs-cli-v1.1.0...fetch-v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `defu` from 6.1.4 to 6.1.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/releases\"\u003edefu's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExport Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/blob/main/CHANGELOG.md\"\u003edefu's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edefu.d.cts:\u003c/strong\u003e Export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tea.yaml (\u003ca href=\"https://github.com/unjs/defu/commit/70cffe5\"\u003e70cffe5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate repo (\u003ca href=\"https://github.com/unjs/defu/commit/23cc432\"\u003e23cc432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typecheck (\u003ca href=\"https://github.com/unjs/defu/commit/89df6bb\"\u003e89df6bb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🤖 CI\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/80c0146afb11ebd86183a579ec469f3abd976695\"\u003e\u003ccode\u003e80c0146\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/40d7ef42d30db975bf80c340e7856c1ad3568321\"\u003e\u003ccode\u003e40d7ef4\u003c/code\u003e\u003c/a\u003e fix(defu.d.cts): export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3d3a7c89ca78f3fa43ec7194b12e44e4b0568697\"\u003e\u003ccode\u003e3d3a7c8\u003c/code\u003e\u003c/a\u003e build: correct the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/001c2906010eb65c1bb13ccd1f4abea09e10405b\"\u003e\u003ccode\u003e001c290\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/407b51645c41a57da6efac5b40967f2c60ce4f12\"\u003e\u003ccode\u003e407b516\u003c/code\u003e\u003c/a\u003e build: fix mixed types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/23e59e684cb6a432aad13f308d142247e31b6315\"\u003e\u003ccode\u003e23e59e6\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/11ba02213d4b1c6b02dd686041f75edc479c98e9\"\u003e\u003ccode\u003e11ba022\u003c/code\u003e\u003c/a\u003e fix: ignore inherited enumerable properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3942bfbbcaa72084bd4284846c83bd61ed7c8b29\"\u003e\u003ccode\u003e3942bfb\u003c/code\u003e\u003c/a\u003e fix: prevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/d3ef16dabe861713192ba8679c5db8e0ac143f9b\"\u003e\u003ccode\u003ed3ef16d\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/checkout action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/869a053effb7b1bf49a1635e1bb211840daa589e\"\u003e\u003ccode\u003e869a053\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/setup-node action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 2.4.0 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCorrectly set license to BSD-3-Clause in package.json by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/102\"\u003efastify/fast-uri#102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/102\"\u003efastify/fast-uri#102\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.2...v3.0.3\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.0.2...v3.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse \u003ccode\u003etape\u003c/code\u003e by \u003ca href=\"https://github.com/gurgunday\"\u003e\u003ccode\u003e@​gurgunday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/95\"\u003efastify/fast-uri#95\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eperf(index): merge concurrent \u003ccode\u003earray.push\u003c/code\u003e calls by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/97\"\u003efastify/fast-uri#97\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows from 4.2.1 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/98\"\u003efastify/fast-uri#98\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: properly parse userinfo in uri by \u003ca href=\"https://github.com/zekth\"\u003e\u003ccode\u003e@​zekth\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/101\"\u003efastify/fast-uri#101\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.1...v3.0.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.0.1...v3.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix \u003ccode\u003eurijs\u003c/code\u003e fragment handling incompatibility by \u003ca href=\"https://github.com/gurgunday\"\u003e\u003ccode\u003e@​gurgunday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/93\"\u003efastify/fast-uri#93\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.0...v3.0.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.0.0...v3.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: skip nonSimpleDomain when it is an IP by \u003ca href=\"https://github.com/Uzlopak\"\u003e\u003ccode\u003e@​Uzlopak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/87\"\u003efastify/fast-uri#87\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: improve stringToHexStripped by \u003ca href=\"https://github.com/Uzlopak\"\u003e\u003ccode\u003e@​Uzlopak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/88\"\u003efastify/fast-uri#88\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd uri-js tests by \u003ca href=\"https://github.com/Uzlopak\"\u003e\u003ccode\u003e@​Uzlopak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/86\"\u003efastify/fast-uri#86\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMerge \u003ccode\u003enext\u003c/code\u003e into \u003ccode\u003emain\u003c/code\u003e by \u003ca href=\"https://github.com/jsumners\"\u003e\u003ccode\u003e@​jsumners\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/92\"\u003efastify/fast-uri#92\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jsumners\"\u003e\u003ccode\u003e@​jsumners\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/92\"\u003efastify/fast-uri#92\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v2.4.0...v3.0.0\"\u003ehttps://github.com/fastify/fast-uri/compare/v2.4.0...v3.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a79e2061bc3d3e8e6d06ee091be02d66d2a7f3e2\"\u003e\u003ccode\u003ea79e206\u003c/code\u003e\u003c/a\u003e Bumped v3.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/803edf207efa5b46334cbf26e561483aaa7a76dd\"\u003e\u003ccode\u003e803edf2\u003c/code\u003e\u003c/a\u003e Correctly set license to BSD-3-Clause in package.json (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a81bfb8ca4298d0b857bbab48f15c2abc6a8232f\"\u003e\u003ccode\u003ea81bfb8\u003c/code\u003e\u003c/a\u003e Bumped v3.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/2ebe20afd5971adb6ed5c07e38aae6cdcbc1fc47\"\u003e\u003ccode\u003e2ebe20a\u003c/code\u003e\u003c/a\u003e fix(parse): do not encode userinfo (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/33a3129fd5b53a6161b226d04edc1fd7000d6d0c\"\u003e\u003ccode\u003e33a3129\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows from 4.2.1 to 5.0.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/98\"\u003e#98\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/26cd10a0bb1b71308a174819da8132a747b4c456\"\u003e\u003ccode\u003e26cd10a\u003c/code\u003e\u003c/a\u003e refactor(index): merge concurrent \u003ccode\u003earray.push\u003c/code\u003e calls (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/97\"\u003e#97\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/0655453e59a27c0956b99c403ede48552092dfa9\"\u003e\u003ccode\u003e0655453\u003c/code\u003e\u003c/a\u003e use \u003ccode\u003etape\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/986abce97b2303c69011da82805285a59e5967de\"\u003e\u003ccode\u003e986abce\u003c/code\u003e\u003c/a\u003e v3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/b16b7477140571cf053343cfebb356a756e5c0b8\"\u003e\u003ccode\u003eb16b747\u003c/code\u003e\u003c/a\u003e fix \u003ccode\u003eurijs\u003c/code\u003e fragment handling incompatibility (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/93\"\u003e#93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/5964558737eab37fffed66987be5b6a4d550f528\"\u003e\u003ccode\u003e5964558\u003c/code\u003e\u003c/a\u003e v3.0.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v2.4.0...v3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.9 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h3` from 1.13.0 to 1.15.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/h3js/h3/releases\"\u003eh3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.11\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.10...v1.15.11\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate defu to 6.1.6 (\u003ca href=\"https://github.com/h3js/h3/commit/6125485\"\u003e6125485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/4998dd8\"\u003e4998dd8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate cookie-es (\u003ca href=\"https://github.com/h3js/h3/commit/d166186\"\u003ed166186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.10\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.9...v1.15.10\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve percent-encoded req.url in app event handler (\u003ca href=\"https://redirect.github.com/h3js/h3/pull/1355\"\u003e#1355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSergio Azócar (\u003ca href=\"https://github.com/sergioazoc\"\u003e\u003ccode\u003e@​sergioazoc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.9\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.7...v1.15.9\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003e%25\u003c/code\u003e in pathname (\u003ca href=\"https://github.com/h3js/h3/commit/1103df6\"\u003e1103df6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003estatic:\u003c/strong\u003e Prevent path traversal via double-encoded dot segments (\u003ccode\u003e%252e%252e\u003c/code\u003e) (\u003ca href=\"https://github.com/h3js/h3/commit/c56683d\"\u003ec56683d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esse:\u003c/strong\u003e Sanitize carriage returns in event stream data and comments (\u003ca href=\"https://github.com/h3js/h3/commit/ba3c3fe\"\u003eba3c3fe\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.8\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.7...v1.15.8\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003e%25\u003c/code\u003e in pathname (\u003ca href=\"https://github.com/h3js/h3/commit/1103df6\"\u003e1103df6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.6...v1.15.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003estatic:\u003c/strong\u003e Narrow path traversal check to match \u003ccode\u003e..\u003c/code\u003e as a path segment only (\u003ca href=\"https://github.com/h3js/h3/commit/c049dc0\"\u003ec049dc0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapp:\u003c/strong\u003e Decode percent-encoded path segments to prevent auth bypass (\u003ca href=\"https://github.com/h3js/h3/commit/313ea52\"\u003e313ea52\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e💅 Refactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove implicit event handler conversion warning (\u003ca href=\"https://redirect.github.com/h3js/h3/pull/1340\"\u003e#1340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/h3js/h3/blob/v1.15.11/CHANGELOG.md\"\u003eh3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.11\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.10...v1.15.11\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate defu to 6.1.6 (\u003ca href=\"https://github.com/h3js/h3/commit/6125485\"\u003e6125485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/4998dd8\"\u003e4998dd8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate cookie-es (\u003ca href=\"https://github.com/h3js/h3/commit/d166186\"\u003ed166186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.10\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.9...v1.15.10\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve percent-encoded req.url in app event handler (\u003ca href=\"https://redirect.github.com/h3js/h3/pull/1355\"\u003e#1355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/26fec6f\"\u003e26fec6f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSergio Azócar (\u003ca href=\"https://github.com/sergioazoc\"\u003e\u003ccode\u003e@​sergioazoc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.9\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.7...v1.15.9\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003e%25\u003c/code\u003e in pathname (\u003ca href=\"https://github.com/h3js/h3/commit/1103df6\"\u003e1103df6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003estatic:\u003c/strong\u003e Prevent path traversal via double-encoded dot segments (\u003ccode\u003e%252e%252e\u003c/code\u003e) (\u003ca href=\"https://github.com/h3js/h3/commit/c56683d\"\u003ec56683d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esse:\u003c/strong\u003e Sanitize carriage returns in event stream data and comments (\u003ca href=\"https://github.com/h3js/h3/commit/ba3c3fe\"\u003eba3c3fe\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003erelease:\u003c/strong\u003e V1.15.8 (\u003ca href=\"https://github.com/h3js/h3/commit/e3b9c9e\"\u003ee3b9c9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/23045df\"\u003e23045df\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/7b9f41fda6038d26a367c2a26a07ed83ee1dbaac\"\u003e\u003ccode\u003e7b9f41f\u003c/code\u003e\u003c/a\u003e chore(release): v1.15.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/d166186ed63de5a21fa4bb0aede4f4574994a3b5\"\u003e\u003ccode\u003ed166186\u003c/code\u003e\u003c/a\u003e chore: update cookie-es\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/4998dd8de60ddd6a182948e543143eaa56927399\"\u003e\u003ccode\u003e4998dd8\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/612548586357cbf0bad27bcb1b1615f4c40b1560\"\u003e\u003ccode\u003e6125485\u003c/code\u003e\u003c/a\u003e chore: update defu to 6.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/b72bb57060cf68e627575e0c350742f4fa8206fa\"\u003e\u003ccode\u003eb72bb57\u003c/code\u003e\u003c/a\u003e chore(release): v1.15.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/d8ef318fa9ce086036588443d683f97f9bb9faf8\"\u003e\u003ccode\u003ed8ef318\u003c/code\u003e\u003c/a\u003e remove resolutions for h3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/26fec6ff549e646bef284b8df4e267ddb8fc0b67\"\u003e\u003ccode\u003e26fec6f\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/51ca9b3750a2a1426257c96e5a81001e3ec3bb42\"\u003e\u003ccode\u003e51ca9b3\u003c/code\u003e\u003c/a\u003e fix: preserve percent-encoded req.url in app event handler (\u003ca href=\"https://redirect.github.com/h3js/h3/issues/1355\"\u003e#1355\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/4e8d43a7703d0d5c8bbc09748db1d8b9f3c51b42\"\u003e\u003ccode\u003e4e8d43a\u003c/code\u003e\u003c/a\u003e chore(release): v1.15.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/23045df515a67f00182b5f7ca126cbec40efda4d\"\u003e\u003ccode\u003e23045df\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/h3js/h3/compare/v1.13.0...v1.15.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `markdown-it` from 14.1.0 to 14.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md\"\u003emarkdown-it's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[14.1.1] - 2026-01-11\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression from v13 in linkify inline rule. Specific patterns could\ncause high CPU use. Thanks to \u003ca href=\"https://github.com/ltduc147\"\u003e\u003ccode\u003e@​ltduc147\u003c/code\u003e\u003c/a\u003e for report.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/b4a9b659ef5734223731cfaa3ad5eacc6fc22918\"\u003e\u003ccode\u003eb4a9b65\u003c/code\u003e\u003c/a\u003e 14.1.1 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/4b4bbcae5e0990a5b172378e507b33a59012ed26\"\u003e\u003ccode\u003e4b4bbca\u003c/code\u003e\u003c/a\u003e Fixed perf regression in linkify-it wrapper\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/d2782d892a51201b25d3eeab172201ad5a53a24c\"\u003e\u003ccode\u003ed2782d8\u003c/code\u003e\u003c/a\u003e Add supplementary example-driven documentation (\u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1092\"\u003e#1092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/markdown-it/markdown-it/compare/14.1.0...14.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/...\n\n_Description has been truncated_","html_url":"https://github.com/thirdweb-dev/engine/pull/942","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/thirdweb-dev%2Fengine/issues/942","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/942/packages"}},{"old_version":"1.13.6","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-18T22:11:05.000Z","version_change":"1.13.6 → 1.13.8","issue":{"uuid":"4472925664","node_id":"PR_kwDONEDTgM7c18Lq","number":74,"state":"closed","title":"Bump the npm_and_yarn group across 2 directories with 23 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T09:04:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-18T22:11:05.000Z","updated_at":"2026-05-19T09:04:58.000Z","time_to_close":39229,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":23,"packages":[{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"postcss","old_version":"8.4.38","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"minimatch","old_version":"9.0.3","new_version":"9.0.7","repository_url":"https://github.com/isaacs/minimatch"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.22.5","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"@protobufjs/utf8","old_version":"1.1.0","new_version":"1.1.1","repository_url":"https://github.com/dcodeIO/protobuf.js"},{"name":"@tootallnate/once","old_version":"1.1.2","new_version":"2.0.1","repository_url":"https://github.com/TooTallNate/once"},{"name":"axios","old_version":"0.21.4","new_version":"0.26.1","repository_url":"https://github.com/axios/axios"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"5.0.6","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.14.5","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"handlebars","old_version":"4.7.7","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"lodash-es","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.7","new_version":"1.9.0","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.0","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"protobufjs","old_version":"7.2.4","new_version":"7.6.0","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"serialize-javascript","old_version":"4.0.0","new_version":"6.0.2","repository_url":"https://github.com/yahoo/serialize-javascript"},{"name":"svgo","old_version":"1.3.2","new_version":"2.8.2","repository_url":"https://github.com/svg/svgo"},{"name":"tar","old_version":"6.1.15","new_version":"6.2.1","repository_url":"https://github.com/isaacs/node-tar"},{"name":"underscore","old_version":"1.13.6","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"undici","old_version":"5.28.1","new_version":"5.29.0","repository_url":"https://github.com/nodejs/undici"},{"name":"webpack-dev-server","old_version":"4.15.1","new_version":"4.15.2","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"yaml","old_version":"1.10.2","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 23 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.38` | `8.5.10` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.3` | `9.0.7` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.22.5` | `7.29.4` |\n| [@protobufjs/utf8](https://github.com/dcodeIO/protobuf.js) | `1.1.0` | `1.1.1` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `1.1.2` | `2.0.1` |\n| [axios](https://github.com/axios/axios) | `0.21.4` | `0.26.1` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `5.0.6` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.14.5` | `1.16.0` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.7` | `4.7.9` |\n| [lodash-es](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `1.9.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.0` | `2.3.2` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.2.4` | `7.6.0` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `4.0.0` | `6.0.2` |\n| [svgo](https://github.com/svg/svgo) | `1.3.2` | `2.8.2` |\n| [tar](https://github.com/isaacs/node-tar) | `6.1.15` | `6.2.1` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.6` | `1.13.8` |\n| [undici](https://github.com/nodejs/undici) | `5.28.1` | `5.29.0` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.15.1` | `4.15.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `2.9.0` |\n\nBumps the npm_and_yarn group with 2 updates in the /components/ide/gha-update-image directory: [axios](https://github.com/axios/axios) and [yaml](https://github.com/eemeli/yaml).\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.38 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003ePostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e during \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/1995\"\u003ehis work\u003c/a\u003e on \u003ca href=\"https://stylelint.io\"\u003eStylelint\u003c/a\u003e added \u003ccode\u003eInput#document\u003c/code\u003e in additional to \u003ccode\u003eInput#css\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eroot.source.input.document //=\u0026gt; \u0026quot;\u0026lt;p\u0026gt;Hello\u0026lt;/p\u0026gt;\r\n                           //    \u0026lt;style\u0026gt;\r\n                           //    p {\r\n                           //      color: green;\r\n                           //    }\r\n                           //    \u0026lt;/style\u0026gt;\u0026quot;\r\nroot.source.input.css      //=\u0026gt; \u0026quot;p {\r\n                           //      color: green;\r\n                           //    }\u0026quot;\r\n\u003cp\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eInput#document\u003c/code\u003e for sources like CSS-in-JS or HTML (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.49\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax without \u003ccode\u003esource.offset\u003c/code\u003e (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.38...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.3 to 9.0.7\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2de496f6d9362dd92460f35ffa6ff8de2907244b\"\u003e\u003ccode\u003e2de496f\u003c/code\u003e\u003c/a\u003e 9.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0d4616de9193bf1d359271662e92657bb51b2f75\"\u003e\u003ccode\u003e0d4616d\u003c/code\u003e\u003c/a\u003e limit nested extglob recursion, flatten extglobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7117ef381e74deace1c62a74d2298c8fe61d10ca\"\u003e\u003ccode\u003e7117ef3\u003c/code\u003e\u003c/a\u003e 9.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2418458b7fe82e0a1fd1a1b6f618c41c90b9848a\"\u003e\u003ccode\u003e2418458\u003c/code\u003e\u003c/a\u003e update deps, do not checkin dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1d1f531009d5e4a86083de37e5ef3f301e073986\"\u003e\u003ccode\u003e1d1f531\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/03b1778ab34a0ead5729800307143669ef328096\"\u003e\u003ccode\u003e03b1778\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/f1aaffe08fe6651f340fb5bd0191cb5c8800a3c7\"\u003e\u003ccode\u003ef1aaffe\u003c/code\u003e\u003c/a\u003e update test expectations for coalesced consecutive stars\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/50126552835505d2c73ba13e8bdaafd737469a2f\"\u003e\u003ccode\u003e5012655\u003c/code\u003e\u003c/a\u003e coalesce consecutive non-globstar * characters\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/3515d1e3d52a85f894927100b199c0a4246d3898\"\u003e\u003ccode\u003e3515d1e\u003c/code\u003e\u003c/a\u003e [meta] add publishConfig.tag legacy-v9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0de7f45232cad5e3e49e4eb7cd9b6e124ed04b84\"\u003e\u003ccode\u003e0de7f45\u003c/code\u003e\u003c/a\u003e 9.0.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v9.0.3...v9.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.22.5 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@protobufjs/utf8` from 1.1.0 to 1.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dcodeIO/protobuf.js/releases\"\u003e@​protobufjs/utf8's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs-cli: v1.1.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-cli-v1.1.0...protobufjs-cli-v1.1.1\"\u003e1.1.1\u003c/a\u003e (2023-02-02)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e fix relative path to Google pb files (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/1859\"\u003e#1859\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e42eea4868b11f4a07934804a56683321ed191e2\"\u003ee42eea4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ab3862d133ab9b824f12eab5f993784333543dbf\"\u003e\u003ccode\u003eab3862d\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2255\"\u003e#2255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797\"\u003e\u003ccode\u003e0853a62\u003c/code\u003e\u003c/a\u003e fix: Backport bundler-safe optional module lookups (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2254\"\u003e#2254\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/d7035f9b7f06210ea343cab1f2f1cc18ee5cc1d6\"\u003e\u003ccode\u003ed7035f9\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26\"\u003e\u003ccode\u003e54b593f\u003c/code\u003e\u003c/a\u003e fix: Backport parser hardening to 7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2245\"\u003e#2245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/dcodeIO/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dcodeIO/protobuf.js/compare/protobufjs-cli-v1.1.0...fetch-v1.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@tootallnate/once` from 1.1.2 to 2.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/releases\"\u003e@​tootallnate/once's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.0\u003c/h2\u003e\n\u003ch3\u003eMajor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBig refactor for v2: \u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/5\"\u003e#5\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eReturns a regular \u003ccode\u003ePromise\u003c/code\u003e instead of \u003ccode\u003eCancelablePromise\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe Promise is \u003cstrong\u003estrongly typed\u003c/strong\u003e when posssible. This is the main new feature.\u003c/li\u003e\n\u003cli\u003eAlways returns the full array of arguments passed to the event handler (i.e. what was previously \u003ccode\u003eonce.spread()\u003c/code\u003e is now the regular \u003ccode\u003eonce()\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eCompatible with \u003ca href=\"https://nodejs.org/api/globals.html#globals_class_abortcontroller\"\u003e\u003ccode\u003eAbortController\u003c/code\u003e\u003c/a\u003e to remove event listeners before the Promise has been fulfilled.\u003c/li\u003e\n\u003cli\u003eRequires TypeScript v4 or newer.\u003c/li\u003e\n\u003cli\u003eJest tests running CI via GitHub Actions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eREADME.md\u003c/code\u003e: d00821f35b44ed48466b8e5d202c2788e3688df6\u003c/li\u003e\n\u003cli\u003eCreate LICENSE: \u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/2\"\u003e#2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatches\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix: c3260138d77811bde3823cebd490ff59b35fe32f\u003c/li\u003e\n\u003cli\u003eRemove test script: \u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/4\"\u003e#4\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/lewish\"\u003e\u003ccode\u003e@​lewish\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/vivekkj123\"\u003e\u003ccode\u003e@​vivekkj123\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md\"\u003e@​tootallnate/once's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea1e5e2d: Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/bcbb21d387e5fb2d0bf8ec2fd8d0ac97d4553241\"\u003e\u003ccode\u003ebcbb21d\u003c/code\u003e\u003c/a\u003e ci: fix OIDC publishing — Node 24, npm latest, provenance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dc24387be8e3405f1e7c911caf76c87b72a0e145\"\u003e\u003ccode\u003edc24387\u003c/code\u003e\u003c/a\u003e Version Packages (2.x) (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/12\"\u003e#12\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b8a6f80afcfd2482b4bdb1e29d784340a05e0ce3\"\u003e\u003ccode\u003eb8a6f80\u003c/code\u003e\u003c/a\u003e CI: test all Node versions on Linux only\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/dabcc0fb6202663cd83994f0a21ea1c710395327\"\u003e\u003ccode\u003edabcc0f\u003c/code\u003e\u003c/a\u003e ci: drop EOL Node.js 14.x/16.x, add 22.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b464efcf4238d92590245b4d211d2fc05a94d28a\"\u003e\u003ccode\u003eb464efc\u003c/code\u003e\u003c/a\u003e Update CI: modern Node versions, fix macOS ARM64 compat\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/a1e5e2d784bcd1c65e49fac1524c6c94fe81f871\"\u003e\u003ccode\u003ea1e5e2d\u003c/code\u003e\u003c/a\u003e Fix promise hang when AbortSignal is aborted\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/b71b6e880044ab2110d3f2c753cd3d218e5e262e\"\u003e\u003ccode\u003eb71b6e8\u003c/code\u003e\u003c/a\u003e 2.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/4460bfff4ae5d25d8855e9957dca4c1ba115291c\"\u003e\u003ccode\u003e4460bff\u003c/code\u003e\u003c/a\u003e Big refactor for v2 (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/5\"\u003e#5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/c4862ce1e420a7324d22ccee3652422e454d1712\"\u003e\u003ccode\u003ec4862ce\u003c/code\u003e\u003c/a\u003e Remove test script (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/4\"\u003e#4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/TooTallNate/once/commit/de4a704b54936d83c8d6347d28665fe3b66c6de6\"\u003e\u003ccode\u003ede4a704\u003c/code\u003e\u003c/a\u003e Create LICENSE (\u003ca href=\"https://redirect.github.com/TooTallNate/once/issues/2\"\u003e#2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/TooTallNate/once/compare/1.1.2...v2.0.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​tootallnate/once\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 0.21.4 to 0.26.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.26.1\u003c/h2\u003e\n\u003ch3\u003eFixes and Functionality:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRefactored project file structure to avoid circular imports (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4220\"\u003e#4220\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.26.0\u003c/h2\u003e\n\u003ch3\u003eFixes and Functionality:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed The timeoutErrorMessage property in config not work with Node.js (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3581\"\u003e#3581\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded errors to be displayed when the query parsing process itself fails (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3961\"\u003e#3961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix/remove url required (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4426\"\u003e#4426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate follow-redirects dependency due to Vulnerability (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4462\"\u003e#4462\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump karma from 6.3.11 to 6.3.14 (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4461\"\u003e#4461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump follow-redirects from 1.14.7 to 1.14.8 (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4473\"\u003e#4473\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.25.0\u003c/h2\u003e\n\u003ch3\u003eBreaking changes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixing maxBodyLength enforcement (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3786\"\u003e#3786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't rely on strict mode behaviour for arguments (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3470\"\u003e#3470\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding error handling when missing url (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3791\"\u003e#3791\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate isAbsoluteURL.js removing escaping of non-special characters (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3809\"\u003e#3809\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse native Array.isArray() in utils.js (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3836\"\u003e#3836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding error handling inside stream end callback (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3967\"\u003e#3967\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes and Functionality:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded aborted even handler (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3916\"\u003e#3916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHeader types expanded allowing \u003ccode\u003eboolean\u003c/code\u003e and \u003ccode\u003enumber\u003c/code\u003e types (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4144\"\u003e#4144\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix cancel signature allowing cancel message to be \u003ccode\u003eundefined\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3153\"\u003e#3153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdated type checks to be formulated better (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3342\"\u003e#3342\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid unnecessary buffer allocations (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3321\"\u003e#3321\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding a socket handler to keep TCP connection live when processing long living requests (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3422\"\u003e#3422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded toFormData helper function (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3757\"\u003e#3757\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding responseEncoding prop type in AxiosRequestConfig (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3918\"\u003e#3918\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal and Tests:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdding axios-test-instance to ecosystem (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3786\"\u003e#3786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOptimize the logic of isAxiosError (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3546\"\u003e#3546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd tests and documentation to display how multiple inceptors work (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3564\"\u003e#3564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdating follow-redirects to version 1.14.7 (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4379\"\u003e#4379\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixing changelog to show corrext pull request (\u003ca href=\"https://redirect.github.com/axios/axios/pull/4219\"\u003e#4219\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate upgrade guide for https proxy setting (\u003ca href=\"https://redirect.github.com/axios/axios/pull/3604\"\u003e#3604\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eHuge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/blob/HEAD/mailto:jasonsaayman@gmail.com\"\u003eJay\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rijkvanzanten\"\u003eRijk van Zanten\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/koh110\"\u003eKohta Ito\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bfaulk96\"\u003eBrandon Faulkner\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NoriSte\"\u003eStefano Magni\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fanguangyi\"\u003eenofan\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/8e67551177990ed067384e1641d6964dcab773f7\"\u003e\u003ccode\u003e8e67551\u003c/code\u003e\u003c/a\u003e Update line on methods, update TS definition to allow strings (\u003ca href=\"https://redirect.github.com/axios/axios/issues/3802\"\u003e#3802\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/224ed940e15b615336bc104b3478b137f7a48b86\"\u003e\u003ccode\u003e224ed94\u003c/code\u003e\u003c/a\u003e Add AxiosInterceptorOptions to d.ts (\u003ca href=\"https://redirect.github.com/axios/axios/issues/3800\"\u003e#3800\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/bdb7d76d40407443dceaf9efa5d5a01ee4ef4da5\"\u003e\u003ccode\u003ebdb7d76\u003c/code\u003e\u003c/a\u003e Adding baseURL to be used in getUri(), also removing question mark trimming s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/195c8e5ff5af6506e5c3e9423cd3c6e839b9cc86\"\u003e\u003ccode\u003e195c8e5\u003c/code\u003e\u003c/a\u003e Returned error treated when requesting uncommon URL (\u003ca href=\"https://redirect.github.com/axios/axios/issues/3544\"\u003e#3544\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/412d3bd6078433dda4a7eb4d86e021dbc57fdeb2\"\u003e\u003ccode\u003e412d3bd\u003c/code\u003e\u003c/a\u003e Adding support for beforeRedirect config option (\u003ca href=\"https://redirect.github.com/axios/axios/issues/3852\"\u003e#3852\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3d13b67c562d45434536697bb232e2b1fba8e035\"\u003e\u003ccode\u003e3d13b67\u003c/code\u003e\u003c/a\u003e Fix FormData example (\u003ca href=\"https://redirect.github.com/axios/axios/issues/4391\"\u003e#4391\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/45cb5ad7164257a7ad007bc99d1d004205249ab7\"\u003e\u003ccode\u003e45cb5ad\u003c/code\u003e\u003c/a\u003e Updated README example to be coherent with the CommonJS usage (\u003ca href=\"https://redirect.github.com/axios/axios/issues/4418\"\u003e#4418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2396fcd7e9b27853670759ee95d8f64156730159\"\u003e\u003ccode\u003e2396fcd\u003c/code\u003e\u003c/a\u003e Bump karma from 6.3.14 to 6.3.16 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/4506\"\u003e#4506\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/170588f3d78f855450d1ce50968651a54cda7386\"\u003e\u003ccode\u003e170588f\u003c/code\u003e\u003c/a\u003e Refactored project file structure to avoid circular imports; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/4220\"\u003e#4220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6e63edf455b6854feeeb0d2394fe0d1d854b55e0\"\u003e\u003ccode\u003e6e63edf\u003c/code\u003e\u003c/a\u003e Bump url-parse from 1.5.4 to 1.5.10 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/4501\"\u003e#4501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v0.21.4...v0.26.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 5.0.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efmt  5a5cc17\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  0b6a978\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v4.0.0...v4.0.1\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v4.0.0...v4.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: use string replaces instead of splits (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/64\"\u003e#64\u003c/a\u003e)  278132b\u003c/li\u003e\n\u003cli\u003efmt  dd72a59\u003c/li\u003e\n\u003cli\u003eadd \u003ccode\u003etea.yaml\u003c/code\u003e  70e4c1b\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v3.0.0...v4.0.0\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v3.0.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAs a precaution to not risk breaking anything with 278132b, this is a new semver major release\u003c/p\u003e\n\u003ch2\u003ev3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 3.x  3059c07\u003c/li\u003e\n\u003cli\u003efmt  8229e6f\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  15f9b3c\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v3.0.0...v3.0.1\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v3.0.0...v3.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSwitch to ES Modules and balanced-match 3.0.0 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/62\"\u003e#62\u003c/a\u003e)  c0360e8\u003c/li\u003e\n\u003cli\u003eadded jsdoc (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/55\"\u003e#55\u003c/a\u003e)  68c0e37\u003c/li\u003e\n\u003cli\u003enode 16 is EOL  9e781e9\u003c/li\u003e\n\u003cli\u003eadd standard  3494c4d\u003c/li\u003e\n\u003cli\u003euse const and let (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/57\"\u003e#57\u003c/a\u003e)  dd5a4cb\u003c/li\u003e\n\u003cli\u003edocs  6dad209\u003c/li\u003e\n\u003cli\u003eremove \u003ccode\u003etest\u003c/code\u003e  e3dd8ae\u003c/li\u003e\n\u003cli\u003eci: update node versions  d23ede9\u003c/li\u003e\n\u003cli\u003edocs: add \u003ca href=\"https://github.com/lanodan\"\u003e\u003ccode\u003e@​lanodan\u003c/code\u003e\u003c/a\u003e to contributors  1eb3fa4\u003c/li\u003e\n\u003cli\u003edocs  1e7c9cd\u003c/li\u003e\n\u003cli\u003eswitch from tape to test module (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/60\"\u003e#60\u003c/a\u003e)  2520537\u003c/li\u003e\n\u003cli\u003eBump minimist from 1.2.5 to 1.2.6 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/59\"\u003e#59\u003c/a\u003e)  61a94f1\u003c/li\u003e\n\u003cli\u003eBump path-parse from 1.0.6 to 1.0.7 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/51\"\u003e#51\u003c/a\u003e)  dc741cf\u003c/li\u003e\n\u003cli\u003edocs: add back ci badge  8ee5626\u003c/li\u003e\n\u003cli\u003eAdd github actions, remove travis. Closes \u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/52\"\u003e#52\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/53\"\u003e#53\u003c/a\u003e)  5c8756a\u003c/li\u003e\n\u003cli\u003eCI: Drop unused sudo: false Travis directive (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/50\"\u003e#50\u003c/a\u003e)  05978a7\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.1...v3.0.0\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v2.0.1...v3.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 2.x  14f1d91\u003c/li\u003e\n\u003cli\u003efmt  ed7780a\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  36603d5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/46317b5d8779c151d24f65c9c139cd076f91a1c3\"\u003e\u003ccode\u003e46317b5\u003c/code\u003e\u003c/a\u003e 5.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c0b095bdc52bc4c36dc88deddbadabc49f8371e5\"\u003e\u003ccode\u003ec0b095b\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ec5602085a81ca7c954f6780c6a3aef0b1e200cf\"\u003e\u003ccode\u003eec56020\u003c/code\u003e\u003c/a\u003e Bump picomatch from 4.0.3 to 4.0.4 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/93\"\u003e#93\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/87939017c6cb6be56b98c6fa2059b073315cd534\"\u003e\u003ccode\u003e8793901\u003c/code\u003e\u003c/a\u003e 5.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/9a02af5c5c80731fae470cc3218c16876bb25051\"\u003e\u003ccode\u003e9a02af5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a\"\u003e\u003ccode\u003edaa71bc\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.10 to 7.5.11 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/92\"\u003e#92\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/799e5f7a222b0ea29052090b80fab2125a846543\"\u003e\u003ccode\u003e799e5f7\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.9 to 7.5.10 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/90\"\u003e#90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/012c230b7f71ca0c43febfa2dc3b710f63f129dd\"\u003e\u003ccode\u003e012c230\u003c/code\u003e\u003c/a\u003e 5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/243c491714270462decf1293b395e0aa6f6c15c4\"\u003e\u003ccode\u003e243c491\u003c/code\u003e\u003c/a\u003e Fix handling of brackets. Closes \u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/87\"\u003e#87\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/609f8588070198ca6ff7132d2f78bbae5c991b93\"\u003e\u003ccode\u003e609f858\u003c/code\u003e\u003c/a\u003e Correct incorrect brace-expansion import (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/89\"\u003e#89\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v5.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.14.5 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.14.5...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.7 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.7.8 - July 27th, 2023\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake library compatible with workers (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1894\"\u003e#1894\u003c/a\u003e) - 3d3796c\u003c/li\u003e\n\u003cli\u003eDon't rely on Node.js global object (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1776\"\u003e#1776\u003c/a\u003e) - 2954e7e\u003c/li\u003e\n\u003cli\u003eFix compiling of each block params in strict mode (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1855\"\u003e#1855\u003c/a\u003e) - 30dbf04\u003c/li\u003e\n\u003cli\u003eFix rollup warning when importing Handlebars as ESM - 03d387b\u003c/li\u003e\n\u003cli\u003eFix bundler issue with webpack 5 (\u003ca href=\"https://redirect.github.com/handlebars-lang/handlebars.js/issues/1862\"\u003e#1862\u003c/a\u003e) - c6c6bbb\u003c/li\u003e\n\u003cli\u003eUse https instead of git for mustache submodule - 88ac068\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.8\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.7...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~jaylinski\"\u003ejaylinski\u003c/a\u003e, a new releaser for handlebars since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash-es` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash-es's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a...\n\n_Description has been truncated_","html_url":"https://github.com/dragonflycapital/gitpod/pull/74","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dragonflycapital%2Fgitpod/issues/74","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/74/packages"}},{"old_version":"1.13.7","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-17T21:45:45.000Z","version_change":"1.13.7 → 1.13.8","issue":{"uuid":"4465033421","node_id":"PR_kwDORVzEBc7cchzg","number":2,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 17 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-17T21:45:45.000Z","updated_at":"2026-05-17T21:46:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":17,"packages":[{"name":"@modelcontextprotocol/sdk","old_version":"1.22.0","new_version":"1.26.0","repository_url":"https://github.com/modelcontextprotocol/typescript-sdk"},{"name":"@tootallnate/once","old_version":"1.1.2","new_version":"removed","repository_url":"https://github.com/TooTallNate/once"},{"name":"@xmldom/xmldom","old_version":"0.8.11","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"ajv","old_version":"8.17.1","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"fast-xml-parser","old_version":"5.2.5","new_version":"5.7.3","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 7 updates in the /packages/openmemory-js directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.22.0` | `1.26.0` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `1.1.2` | `removed` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.11` | `0.8.13` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.20.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `5.2.5` | `5.7.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n\nBumps the npm_and_yarn group with 5 updates in the /apps/vscode-extension directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `2.1.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n\n\nUpdates `@modelcontextprotocol/sdk` from 1.22.0 to 1.26.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/releases\"\u003e@​modelcontextprotocol/sdk's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.26.0\u003c/h2\u003e\n\u003cp\u003eAddresses \u0026quot;Sharing server/transport instances can leak cross-client response data\u0026quot; in this GHSA \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: bump v1.25.3 for backport fixes by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1412\"\u003emodelcontextprotocol/typescript-sdk#1412\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by \u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) by \u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version to 1.26.0 by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1479\"\u003emodelcontextprotocol/typescript-sdk#1479\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuv\"\u003e\u003ccode\u003e@​samuv\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1382\"\u003emodelcontextprotocol/typescript-sdk#1382\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NSeydoux\"\u003e\u003ccode\u003e@​NSeydoux\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1442\"\u003emodelcontextprotocol/typescript-sdk#1442\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.3...v1.26.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.25.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[v1.x backport] Use correct schema for client sampling validation when tools are present by \u003ca href=\"https://github.com/olaservo\"\u003e\u003ccode\u003e@​olaservo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1407\"\u003emodelcontextprotocol/typescript-sdk#1407\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent Hono from overriding global Response object (v1.x) by \u003ca href=\"https://github.com/mattzcarey\"\u003e\u003ccode\u003e@​mattzcarey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1411\"\u003emodelcontextprotocol/typescript-sdk#1411\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/v1.25.2...v1.25.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.25.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: trigger workflow on v1.x branch by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1319\"\u003emodelcontextprotocol/typescript-sdk#1319\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: README badges links destinations by \u003ca href=\"https://github.com/antonpk1\"\u003e\u003ccode\u003e@​antonpk1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\"\u003emodelcontextprotocol/typescript-sdk#907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1365\"\u003emodelcontextprotocol/typescript-sdk#1365\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/antonpk1\"\u003e\u003ccode\u003e@​antonpk1\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/907\"\u003emodelcontextprotocol/typescript-sdk#907\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.1...v1.25.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.25.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003espec types - backwards compatibility changes by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1306\"\u003emodelcontextprotocol/typescript-sdk#1306\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: bump version for patch fix by \u003ca href=\"https://github.com/felixweinberger\"\u003e\u003ccode\u003e@​felixweinberger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1307\"\u003emodelcontextprotocol/typescript-sdk#1307\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1\"\u003ehttps://github.com/modelcontextprotocol/typescript-sdk/compare/1.25.0...1.25.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e1.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003elist changed handlers on client constructor by \u003ca href=\"https://github.com/mattzcarey\"\u003e\u003ccode\u003e@​mattzcarey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1206\"\u003emodelcontextprotocol/typescript-sdk#1206\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRole - moved from inline to reusable type by \u003ca href=\"https://github.com/KKonstantinov\"\u003e\u003ccode\u003e@​KKonstantinov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1221\"\u003emodelcontextprotocol/typescript-sdk#1221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use versioned npm tag for non-main branch releases by \u003ca href=\"https://github.com/pcarleton\"\u003e\u003ccode\u003e@​pcarleton\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1236\"\u003emodelcontextprotocol/typescript-sdk#1236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNo automatic completion support unless needed - Revisited yet again by \u003ca href=\"https://github.com/cliffhall\"\u003e\u003ccode\u003e@​cliffhall\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1237\"\u003emodelcontextprotocol/typescript-sdk#1237\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: Support updating output schema by \u003ca href=\"https://github.com/vincent0426\"\u003e\u003ccode\u003e@​vincent0426\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/pull/1048\"\u003emodelcontextprotocol/typescript-sdk#1048\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/fe9c07b465871394c7069207c86513df9c1194a4\"\u003e\u003ccode\u003efe9c07b\u003c/code\u003e\u003c/a\u003e chore: bump version to 1.26.0 (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1479\"\u003e#1479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/4f01e7e0708e1a85ccc7dbf39e850005f2d9ff03\"\u003e\u003ccode\u003e4f01e7e\u003c/code\u003e\u003c/a\u003e fix: add non-null assertions for optional setupServer fields in stateful test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a05be176cabeae1f933b676e3ce024bf02e2314d\"\u003e\u003ccode\u003ea05be17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/50d9fa3cd12e807e7963bcb9e1548786d3d5d941\"\u003e\u003ccode\u003e50d9fa3\u003c/code\u003e\u003c/a\u003e Fix \u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1430\"\u003e#1430\u003c/a\u003e: Client Credentials providers scopes support (backported) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1442\"\u003e#1442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/aa81a66556fb4434d8a6d1b70f7ac9fc40b5d325\"\u003e\u003ccode\u003eaa81a66\u003c/code\u003e\u003c/a\u003e fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x back...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6aba0659654e1ff0699844524595922a61e44cb9\"\u003e\u003ccode\u003e6aba065\u003c/code\u003e\u003c/a\u003e chore: bump v1.25.3 for backport fixes (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1412\"\u003e#1412\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/6e8f7e1a43a819ae230373c62b82228dafd892c6\"\u003e\u003ccode\u003e6e8f7e1\u003c/code\u003e\u003c/a\u003e fix: prevent Hono from overriding global Response object (v1.x) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1411\"\u003e#1411\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/12ae856cee6ca58499cce24e80f650e78a0c7610\"\u003e\u003ccode\u003e12ae856\u003c/code\u003e\u003c/a\u003e [v1.x backport] Use correct schema for client sampling validation when tools ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/b392f02ffcf37c088dbd114fedf25026ec3913d3\"\u003e\u003ccode\u003eb392f02\u003c/code\u003e\u003c/a\u003e fix: prevent ReDoS in UriTemplate regex patterns (v1.x backport) (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/1365\"\u003e#1365\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/commit/a0c9b13484748acab9e5dc8317a7e89c06b52e37\"\u003e\u003ccode\u003ea0c9b13\u003c/code\u003e\u003c/a\u003e fix: README badges links destinations (\u003ca href=\"https://redirect.github.com/modelcontextprotocol/typescript-sdk/issues/907\"\u003e#907\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/modelcontextprotocol/typescript-sdk/compare/1.22.0...v1.26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nRemoves `@tootallnate/once`\n\nUpdates `@xmldom/xmldom` from 0.8.11 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e@​xmldom/xmldom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e@​xmldom/xmldom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `body-parser` from 2.2.0 to 2.2.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/releases\"\u003ebody-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.2.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README links by \u003ca href=\"https://github.com/efekrskl\"\u003e\u003ccode\u003e@​efekrskl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/673\"\u003eexpressjs/body-parser#673\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: release notes for the v1.20.4 release by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/674\"\u003eexpressjs/body-parser#674\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update URL-encoded parser description to include ISO-8859-1 encoding support by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/679\"\u003eexpressjs/body-parser#679\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: use standard jsdoc tags everywhere by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/677\"\u003eexpressjs/body-parser#677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: qs@^6.14.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/689\"\u003eexpressjs/body-parser#689\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/693\"\u003eexpressjs/body-parser#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 2.2.2 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/691\"\u003eexpressjs/body-parser#691\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/efekrskl\"\u003e\u003ccode\u003e@​efekrskl\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/673\"\u003eexpressjs/body-parser#673\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/body-parser/compare/v2.2.1...v2.2.2\"\u003ehttps://github.com/expressjs/body-parser/compare/v2.2.1...v2.2.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.2.1\u003c/h2\u003e\n\u003ch2\u003eImportant: Security\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-13466\"\u003eCVE-2025-13466\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4\"\u003eGHSA-wqch-xfxh-vrr4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: add dependabot by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/593\"\u003eexpressjs/body-parser#593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use full SHAs for github action versions by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/594\"\u003eexpressjs/body-parser#594\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: type-is@^2.0.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/599\"\u003eexpressjs/body-parser#599\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/609\"\u003eexpressjs/body-parser#609\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/610\"\u003eexpressjs/body-parser#610\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/611\"\u003eexpressjs/body-parser#611\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/613\"\u003eexpressjs/body-parser#613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/612\"\u003eexpressjs/body-parser#612\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add codeql github workflows scanning by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/614\"\u003eexpressjs/body-parser#614\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update CodeQL config to ignore the test directory by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/615\"\u003eexpressjs/body-parser#615\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/620\"\u003eexpressjs/body-parser#620\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/619\"\u003eexpressjs/body-parser#619\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): unpin devDependencies by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/616\"\u003eexpressjs/body-parser#616\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node.js 24 to test matrix by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/621\"\u003eexpressjs/body-parser#621\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/623\"\u003eexpressjs/body-parser#623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/624\"\u003eexpressjs/body-parser#624\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: add funding to package.json by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/617\"\u003eexpressjs/body-parser#617\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/625\"\u003eexpressjs/body-parser#625\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/630\"\u003eexpressjs/body-parser#630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: move common request validation to read function by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/600\"\u003eexpressjs/body-parser#600\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: bump iconv-lite by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/631\"\u003eexpressjs/body-parser#631\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: pull beta changelog forward into 2.0.0 by \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/629\"\u003eexpressjs/body-parser#629\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: optimize raw and text parsers with shared passthrough function by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/634\"\u003eexpressjs/body-parser#634\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.2 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/640\"\u003eexpressjs/body-parser#640\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/639\"\u003eexpressjs/body-parser#639\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/636\"\u003eexpressjs/body-parser#636\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/637\"\u003eexpressjs/body-parser#637\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/638\"\u003eexpressjs/body-parser#638\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps: raw-body@^3.0.1 by \u003ca href=\"https://github.com/Phillip9587\"\u003e\u003ccode\u003e@​Phillip9587\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/body-parser/pull/641\"\u003eexpressjs/body-parser#641\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/body-parser/blob/master/HISTORY.md\"\u003ebody-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e2.2.2 / 2026-01-07\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003edeps: qs@^6.14.1\u003c/li\u003e\n\u003cli\u003erefactor(json): simplify strict mode error string construction\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e2.2.1 / 2025-11-24\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity fix for \u003ca href=\"https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4\"\u003eGHSA-wqch-xfxh-vrr4\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeps:\n\u003cul\u003e\n\u003cli\u003etype-is@^2.0.1\u003c/li\u003e\n\u003cli\u003eiconv-lite@^0.7.0\n\u003cul\u003e\n\u003cli\u003eHandle split surrogate pairs when encoding UTF-8\u003c/li\u003e\n\u003cli\u003eAvoid false positives in \u003ccode\u003eencodingExists\u003c/code\u003e by using prototype-less objects\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eraw-body@^3.0.1\u003c/li\u003e\n\u003cli\u003edebug@^4.4.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/3d248660b2e8b66732b232d7c758517fbf2420a6\"\u003e\u003ccode\u003e3d24866\u003c/code\u003e\u003c/a\u003e 2.2.2 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/691\"\u003e#691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/8474a984c3ba36a1b4328ce019833b99caa0f08f\"\u003e\u003ccode\u003e8474a98\u003c/code\u003e\u003c/a\u003e refactor(json): simplify strict mode error string construction (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/693\"\u003e#693\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/03f17c2538552a57e6be537afca8c7587bd40aaa\"\u003e\u003ccode\u003e03f17c2\u003c/code\u003e\u003c/a\u003e deps: qs@^6.14.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/689\"\u003e#689\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/ea1f25e503c1b2f7ba6f8562724ae0fcd247fb75\"\u003e\u003ccode\u003eea1f25e\u003c/code\u003e\u003c/a\u003e docs: use standard jsdoc tags everywhere (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d7deef8ec61307fa28c22bc443cf8ed2f267945a\"\u003e\u003ccode\u003ed7deef8\u003c/code\u003e\u003c/a\u003e docs: update URL-encoded parser description to include ISO-8859-1 encoding su...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b6f52aabc65137c5227c8a462bddb761daeb96e7\"\u003e\u003ccode\u003eb6f52aa\u003c/code\u003e\u003c/a\u003e docs: release notes for the v1.20.4 release (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/674\"\u003e#674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/2965ca4af4883109cb2f651f4ce12da310902a0c\"\u003e\u003ccode\u003e2965ca4\u003c/code\u003e\u003c/a\u003e docs: update links (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/d96b63da8d7445de317736471633bac83ec76cbb\"\u003e\u003ccode\u003ed96b63d\u003c/code\u003e\u003c/a\u003e 2.2.1 (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/659\"\u003e#659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/b204886a6744b0b6d297cd0e849d75de836f3b63\"\u003e\u003ccode\u003eb204886\u003c/code\u003e\u003c/a\u003e sec: security patch for CVE-2025-13466\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/body-parser/commit/e20e3512e085c1162e8ffe36ac65c705a8017251\"\u003e\u003ccode\u003ee20e351\u003c/code\u003e\u003c/a\u003e feat: remove \u003ccode\u003ehistory.md\u003c/code\u003e from being packaged on publish (\u003ca href=\"https://redirect.github.com/expressjs/body-parser/issues/660\"\u003e#660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/body-parser/compare/v2.2.0...v2.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 5.2.5 to 5.7.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003efix minor old bugs and update builder\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ebackward compatibility for numerical external entity, fix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eupgrade \u003ccode\u003e@​nodable/entities\u003c/code\u003e and FXB\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to use entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo API change\u003c/li\u003e\n\u003cli\u003eNo change in performance for basic usage\u003c/li\u003e\n\u003cli\u003eNo typing change\u003c/li\u003e\n\u003cli\u003eNo config change\u003c/li\u003e\n\u003cli\u003enew dependency\u003c/li\u003e\n\u003cli\u003ebreaking: error messages for entities might have been changed.\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\"\u003ehttps://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eperformance improvment, increase entity expansion default limit\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eincrease default entity explansion limit as many projects demand for that\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003emaxEntitySize: 10000,\r\nmaxExpansionDepth: 10000,\r\nmaxTotalExpansions: Infinity,\r\nmaxExpandedLength: 100000,\r\nmaxEntityCount: 1000,\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eperformance improvement\n\u003cul\u003e\n\u003cli\u003ereduce calls to toString\u003c/li\u003e\n\u003cli\u003eearly return when entities are not present\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003efast-xml-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003eNote: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eNote: Due to some last quick changes on v4, detail of v4.5.3 \u0026amp; v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion\u003c/p\u003e\n\u003cp\u003e*\u003cem\u003e5.8.0 / 2026-05-12\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eintegrate xml-naming to validate DOCTYPE entity name and notation name (using qname becaue of backward compatibility)\n\u003cul\u003e\n\u003cli\u003eThis will consider xml-version as well. '1.0' is default\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate strnum to 2.3.0\n\u003cul\u003e\n\u003cli\u003eYou can set octal and binary parsing which is bydeault off\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate fast-xml-builder to 1.2.0\n\u003cul\u003e\n\u003cli\u003ecan sanitize tag names if found invalid\u003c/li\u003e\n\u003cli\u003efix format output\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.3 / 2006-05-05\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.2 / 2026-04-25\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.1 / 2026-04-20\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix typo in CJS typing file\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.0 / 2026-04-17\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to user entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.6.0 / 2026-04-15\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: entity replacement for numeric entities\u003c/li\u003e\n\u003cli\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\n\u003cul\u003e\n\u003cli\u003ethis may change some error messages related to entities expansion limit or inavlid use\u003c/li\u003e\n\u003cli\u003epost check would be exposed in future version\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d6d80429b1d1f1420902e1cebac6fe7831ba0839\"\u003e\u003ccode\u003ed6d8042\u003c/code\u003e\u003c/a\u003e update to release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d2633709699520c514208ea70e31adb6d71ab0e8\"\u003e\u003ccode\u003ed263370\u003c/code\u003e\u003c/a\u003e remove dev dependency 'he'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/f9c9a2c19f819ab6fe0856ef4e94d6aa28fe1eec\"\u003e\u003ccode\u003ef9c9a2c\u003c/code\u003e\u003c/a\u003e update builder to 1.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/b65da87028f943abf5698b96385eef21e39f983e\"\u003e\u003ccode\u003eb65da87\u003c/code\u003e\u003c/a\u003e update changelog and mark addEntity deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/c2ca631f99d4d7f66e0d48001741bc8784cfe966\"\u003e\u003ccode\u003ec2ca631\u003c/code\u003e\u003c/a\u003e update fxb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/da7519163bfdc257e90be781a05af83840b330a8\"\u003e\u003ccode\u003eda75191\u003c/code\u003e\u003c/a\u003e fix stop node expression when ns prefix is removed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/31bbc99adedcada7d52bc4745273e7d8b9824b31\"\u003e\u003ccode\u003e31bbc99\u003c/code\u003e\u003c/a\u003e fix: alwaysCreateTextNode should create text node when attributes are present...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/dab327a05acd4f62bba277fb924e2e751079eca0\"\u003e\u003ccode\u003edab327a\u003c/code\u003e\u003c/a\u003e remove unnecessary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/ab04eeb91d3013d56c6a949cf45c17deaa3a0fc8\"\u003e\u003ccode\u003eab04eeb\u003c/code\u003e\u003c/a\u003e update docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/383cb3feee7f8181379f41836359e6b53379db5d\"\u003e\u003ccode\u003e383cb3f\u003c/code\u003e\u003c/a\u003e Revise security information for v6 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.2.5...v5.7.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.0.1 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.3.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e in...\n\n_Description has been truncated_","html_url":"https://github.com/nilhemdot/OpenMemory/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilhemdot%2FOpenMemory/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"1.13.7","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-16T00:25:20.000Z","version_change":"1.13.7 → 1.13.8","issue":{"uuid":"4457829875","node_id":"PR_kwDOOHO_y87cHLu-","number":27,"state":"open","title":"Bump the npm_and_yarn group across 16 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-16T00:25:20.000Z","updated_at":"2026-05-16T00:25:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"ajv","old_version":"6.12.6","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.2","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"postcss","old_version":"8.4.47","new_version":"8.5.14","repository_url":"https://github.com/postcss/postcss"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.25.7","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 1 update in the / directory: [systeminformation](https://github.com/sebhildebrandt/systeminformation).\nBumps the npm_and_yarn group with 3 updates in the /examples/angular directory: [fast-uri](https://github.com/fastify/fast-uri), [hono](https://github.com/honojs/hono) and [ip-address](https://github.com/beaugunderson/ip-address).\nBumps the npm_and_yarn group with 1 update in the /examples/angularjs_require/test directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 4 updates in the /examples/backbone directory: [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash), [qs](https://github.com/ljharb/qs) and [underscore](https://github.com/jashkenas/underscore).\nBumps the npm_and_yarn group with 1 update in the /examples/backbone_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/canjs directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/canjs_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/dijon directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 14 updates in the /examples/emberjs/todomvc directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `8.20.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `2.1.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.2` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `9.0.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.47` | `8.5.14` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.7` | `7.29.4` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /examples/javascript-es5 directory: [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash) and [qs](https://github.com/ljharb/qs).\nBumps the npm_and_yarn group with 9 updates in the /examples/javascript-es6 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [qs](https://github.com/ljharb/qs) | `6.11.0` | `6.15.1` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `8.20.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.5.14` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `7.0.5` |\n\nBumps the npm_and_yarn group with 4 updates in the /examples/jquery directory: [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash), [qs](https://github.com/ljharb/qs) and [handlebars](https://github.com/handlebars-lang/handlebars.js).\nBumps the npm_and_yarn group with 1 update in the /examples/knockback directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/lavaca_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 2 updates in the /examples/typescript-backbone directory: [lodash](https://github.com/lodash/lodash) and [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 3 updates in the /examples/web-components directory: [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash) and [qs](https://github.com/ljharb/qs).\n\nUpdates `systeminformation` from 5.31.5 to 5.31.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sebhildebrandt/systeminformation/releases\"\u003esysteminformation's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.31.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sebhildebrandt/systeminformation/compare/v5.31.5...v5.31.6\"\u003ehttps://github.com/sebhildebrandt/systeminformation/compare/v5.31.5...v5.31.6\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md\"\u003esysteminformation's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003eMajor Changes - Version 5\u003c/h2\u003e\n\u003ch4\u003eNew Functions\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eaudio()\u003c/code\u003e detailed audio information\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebluetoothDevices()\u003c/code\u003e detailed information detected bluetooth devices\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edockerImages()\u003c/code\u003e detailed information docker images\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edockerVolumes()\u003c/code\u003e detailed information docker volumes\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eprinters()\u003c/code\u003e detailed printer information\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eusb()\u003c/code\u003e detailed USB information\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ewifiInterfaces()\u003c/code\u003e detected Wi-Fi interfaces\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ewifiConnections()\u003c/code\u003e active Wi-Fi connections\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBreaking Changes\u003c/h4\u003e\n\u003cp\u003e\u003cstrong\u003eBe aware\u003c/strong\u003e, that the new version 5.x \u003cstrong\u003eis NOT fully backward compatible\u003c/strong\u003e to\nversion 4.x ...\u003c/p\u003e\n\u003cp\u003eWe had to make \u003cstrong\u003eseveral interface changes\u003c/strong\u003e to keep systeminformation as\nconsistent as possible. We highly\n\u003ca href=\"https://systeminformation.io/changes.html\"\u003erecommend to go through the complete list\u003c/a\u003e\nand adapt your own code to be again compatible to the new version 5.\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eFunction\u003c/th\u003e\n\u003cth\u003eOld\u003c/th\u003e\n\u003cth\u003eNew (V5)\u003c/th\u003e\n\u003cth\u003eComments\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003eunsupported values\u003c/td\u003e\n\u003ctd\u003e-1\u003c/td\u003e\n\u003ctd\u003enull\u003c/td\u003e\n\u003ctd\u003evalues which are unknown or\u003c!-- raw HTML omitted --\u003eunsupported on platform\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003ebattery()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003ehasbattery\u003c!-- raw HTML omitted --\u003ecyclecount\u003c!-- raw HTML omitted --\u003eischarging\u003c!-- raw HTML omitted --\u003edesignedcapacity\u003c!-- raw HTML omitted --\u003emaxcapacity\u003c!-- raw HTML omitted --\u003eacconnected\u003c!-- raw HTML omitted --\u003etimeremaining\u003c/td\u003e\n\u003ctd\u003ehasBattery\u003c!-- raw HTML omitted --\u003ecycleCount\u003c!-- raw HTML omitted --\u003eisCharging\u003c!-- raw HTML omitted --\u003edesignedCapacity\u003c!-- raw HTML omitted --\u003emaxCapacity\u003c!-- raw HTML omitted --\u003eacConnected\u003c!-- raw HTML omitted --\u003etimeRemaining\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eblockDevices()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003efstype\u003c/td\u003e\n\u003ctd\u003efsType\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003ecpu()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003espeedmin\u003c!-- raw HTML omitted --\u003espeedmax\u003c/td\u003e\n\u003ctd\u003espeedMin\u003c!-- raw HTML omitted --\u003espeedMax\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003ecpu().speed\u003c/code\u003e\u003c!-- raw HTML omitted --\u003e\u003ccode\u003ecpu().speedMin\u003c/code\u003e\u003c!-- raw HTML omitted --\u003e\u003ccode\u003ecpu().speedMax\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003estring values\u003c/td\u003e\n\u003ctd\u003enow returning\u003c!-- raw HTML omitted --\u003enumerical values\u003c/td\u003e\n\u003ctd\u003ebetter value handling\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003ecpuCurrentspeed()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003ecpuCurrentSpeed()\u003c/td\u003e\n\u003ctd\u003efunction name changed\u003c!-- raw HTML omitted --\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003ecurrentLoad()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003eavgload\u003c!-- raw HTML omitted --\u003ecurrentload\u003c!-- raw HTML omitted --\u003ecurrentload_user\u003c!-- raw HTML omitted --\u003ecurrentload_system\u003c!-- raw HTML omitted --\u003ecurrentload_nice\u003c!-- raw HTML omitted --\u003ecurrentload_idle\u003c!-- raw HTML omitted --\u003ecurrentload_irq\u003c!-- raw HTML omitted --\u003eraw_currentload\u003c/td\u003e\n\u003ctd\u003eavgLoad\u003c!-- raw HTML omitted --\u003ecurrentLoad\u003c!-- raw HTML omitted --\u003ecurrentLoadUser\u003c!-- raw HTML omitted --\u003ecurrentLoadSystem\u003c!-- raw HTML omitted --\u003ecurrentLoadNice\u003c!-- raw HTML omitted --\u003ecurrentLoadIdle\u003c!-- raw HTML omitted --\u003ecurrentLoadIrq\u003c!-- raw HTML omitted --\u003erawCurrentLoad\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003edockerContainerStats()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003emem_usage\u003c!-- raw HTML omitted --\u003emem_limit\u003c!-- raw HTML omitted --\u003emem_percent\u003c!-- raw HTML omitted --\u003ecpu_percent\u003c!-- raw HTML omitted --\u003ecpu_stats\u003c!-- raw HTML omitted --\u003eprecpu_stats\u003c!-- raw HTML omitted --\u003ememory_stats\u003c/td\u003e\n\u003ctd\u003ememUsage\u003c!-- raw HTML omitted --\u003ememLimit\u003c!-- raw HTML omitted --\u003ememPercent\u003c!-- raw HTML omitted --\u003ecpuPercent\u003c!-- raw HTML omitted --\u003ecpuStats\u003c!-- raw HTML omitted --\u003eprecpuStats\u003c!-- raw HTML omitted --\u003ememoryStats\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003edockerContainerProcesses()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003epid_host\u003c/td\u003e\n\u003ctd\u003epidHost\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003egraphics().display\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003epixeldepth\u003c!-- raw HTML omitted --\u003eresolutionx\u003c!-- raw HTML omitted --\u003eresolutiony\u003c!-- raw HTML omitted --\u003esizex\u003c!-- raw HTML omitted --\u003esizey\u003c/td\u003e\n\u003ctd\u003epixelDepth\u003c!-- raw HTML omitted --\u003eresolutionX\u003c!-- raw HTML omitted --\u003eresolutionY\u003c!-- raw HTML omitted --\u003esizeX\u003c!-- raw HTML omitted --\u003esizeY\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003enetworkConnections()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003elocaladdress\u003c!-- raw HTML omitted --\u003elocalport\u003c!-- raw HTML omitted --\u003epeeraddress\u003c!-- raw HTML omitted --\u003epeerport\u003c/td\u003e\n\u003ctd\u003elocalAddress\u003c!-- raw HTML omitted --\u003elocalPort\u003c!-- raw HTML omitted --\u003epeerAddress\u003c!-- raw HTML omitted --\u003epeerPort\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003enetworkInterfaces()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003ecarrier_changes\u003c/td\u003e\n\u003ctd\u003ecarrierChanges\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eprocesses()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003emem_vsz\u003c!-- raw HTML omitted --\u003emem_rss\u003c!-- raw HTML omitted --\u003epcpu\u003c!-- raw HTML omitted --\u003epcpuu\u003c!-- raw HTML omitted --\u003epcpus\u003c!-- raw HTML omitted --\u003epmem\u003c/td\u003e\n\u003ctd\u003ememVsz\u003c!-- raw HTML omitted --\u003ememRss\u003c!-- raw HTML omitted --\u003ecpu\u003c!-- raw HTML omitted --\u003ecpuu\u003c!-- raw HTML omitted --\u003ecpus\u003c!-- raw HTML omitted --\u003emem\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c!-- raw HTML omitted --\u003erenamed attributes\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eprocessLoad()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003eresult as object\u003c/td\u003e\n\u003ctd\u003eresult as array of objects\u003c/td\u003e\n\u003ctd\u003efunction now allows to provide more than\u003c!-- raw HTML omitted --\u003eone process (as a comma separated list)\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eservices()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003epcpu\u003c!-- raw HTML omitted --\u003epmem\u003c/td\u003e\n\u003ctd\u003ecpu\u003c!-- raw HTML omitted --\u003emem\u003c/td\u003e\n\u003ctd\u003erenamed attributes\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003evbox()\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003eHPET\u003c!-- raw HTML omitted --\u003ePAE\u003c!-- raw HTML omitted --\u003eAPIC\u003c!-- raw HTML omitted --\u003eX2APIC\u003c!-- raw HTML omitted --\u003eACPI\u003c!-- raw HTML omitted --\u003eIOAPIC\u003c!-- raw HTML omitted --\u003ebiosAPICmode\u003c!-- raw HTML omitted --\u003eTRC\u003c/td\u003e\n\u003ctd\u003ehpet\u003c!-- raw HTML omitted --\u003epae\u003c!-- raw HTML omitted --\u003eapic\u003c!-- raw HTML omitted --\u003ex2Apic\u003c!-- raw HTML omitted --\u003eacpi\u003c!-- raw HTML omitted --\u003eioApic\u003c!-- raw HTML omitted --\u003ebiosApicMode\u003c!-- raw HTML omitted --\u003ertc\u003c/td\u003e\n\u003ctd\u003epascalCase conformity\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003ch4\u003eOther Improvements and Changes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebaseboard()\u003c/code\u003e: added memMax, memSlots\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebios()\u003c/code\u003e: added language and features (linux)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eblockDevices()\u003c/code\u003e added raid group member (linux)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecpu()\u003c/code\u003e: extended AMD processor list\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebhildebrandt/systeminformation/commit/da1cbf5eb09907cf5c3431f4c9ea441b7a227617\"\u003e\u003ccode\u003eda1cbf5\u003c/code\u003e\u003c/a\u003e 5.31.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebhildebrandt/systeminformation/commit/87dbb60f98dd39452bda211da0b6c63e4a7db898\"\u003e\u003ccode\u003e87dbb60\u003c/code\u003e\u003c/a\u003e fix: smaller issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebhildebrandt/systeminformation/commit/1d1bddf81267a3726b1200fa05ebe04b749f8d64\"\u003e\u003ccode\u003e1d1bddf\u003c/code\u003e\u003c/a\u003e fix: smaller issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebhildebrandt/systeminformation/commit/f69576f8da71571a988e7f430b068952c141bea9\"\u003e\u003ccode\u003ef69576f\u003c/code\u003e\u003c/a\u003e fix: networkInterfaces() ci wip\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebhildebrandt/systeminformation/commit/78624d1567d0410b3b6781caaf2441c4c32a810c\"\u003e\u003ccode\u003e78624d1\u003c/code\u003e\u003c/a\u003e fix: networkInterfaces() ci\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sebhildebrandt/systeminformation/compare/v5.31.5...v5.31.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.16 to 4.12.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.18\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eCache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage\u003c/h3\u003e\n\u003cp\u003eAffects: Cache Middleware. Fixes missing cache-skip handling for \u003ccode\u003eVary: Authorization\u003c/code\u003e and \u003ccode\u003eVary: Cookie\u003c/code\u003e, where a response cached for one authenticated user could be served to other users. GHSA-p77w-8qqv-26rm\u003c/p\u003e\n\u003ch3\u003eCSS Declaration Injection via Style Object Values in JSX SSR\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes a missing CSS-context escape for \u003ccode\u003estyle\u003c/code\u003e object values and property names, where untrusted input could inject additional CSS declarations. The impact is limited to CSS and does not allow JavaScript execution. GHSA-qp7p-654g-cw7p\u003c/p\u003e\n\u003ch3\u003eImproper validation of NumericDate claims (exp, nbf, iat) in JWT verify()\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003ehono/utils/jwt\u003c/code\u003e. Fixes improper validation of \u003ccode\u003eexp\u003c/code\u003e, \u003ccode\u003enbf\u003c/code\u003e, and \u003ccode\u003eiat\u003c/code\u003e claims, where falsy, non-finite, or non-numeric values could silently bypass time-based checks instead of being rejected per RFC 7519. GHSA-hm8q-7f3q-5f36\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003eUsers who use the JWT helper, hono/jsx, or the Cache middleware are strongly encouraged to upgrade to this version.\u003c/p\u003e\n\u003ch2\u003ev4.12.17\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jsx): normalize SVG attributes on the \u003c!-- raw HTML omitted --\u003e root element by \u003ca href=\"https://github.com/kfly8\"\u003e\u003ccode\u003e@​kfly8\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4893\"\u003ehonojs/hono#4893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(ssg): add \u003ccode\u003eatom+xml\u003c/code\u003e and \u003ccode\u003erss+xml\u003c/code\u003e to \u003ccode\u003edefaultExtensionMap\u003c/code\u003e by \u003ca href=\"https://github.com/yuintei\"\u003e\u003ccode\u003e@​yuintei\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4899\"\u003ehonojs/hono#4899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cors): make origin optional in CORSOptions by \u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4905\"\u003ehonojs/hono#4905\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): propagate middleware response types to app.on overloads by \u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4906\"\u003ehonojs/hono#4906\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kfly8\"\u003e\u003ccode\u003e@​kfly8\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4893\"\u003ehonojs/hono#4893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4905\"\u003ehonojs/hono#4905\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.16...v4.12.17\"\u003ehttps://github.com/honojs/hono/compare/v4.12.16...v4.12.17\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f10dee89ced5956b73c1cdc416d6bc0fd54d63b7\"\u003e\u003ccode\u003ef10dee8\u003c/code\u003e\u003c/a\u003e 4.12.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a5bd9ebead279ed9d0239ecbd854f629edfc0e57\"\u003e\u003ccode\u003ea5bd9eb\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/58d3d3ad5656e007ed99da1b73865975952de5e9\"\u003e\u003ccode\u003e58d3d3a\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/568c2ecc1dd556894fad4dfa4a7ba499db6dba9c\"\u003e\u003ccode\u003e568c2ec\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/ff2b3d31df1be35f7d597a95dd3369402b6e87f2\"\u003e\u003ccode\u003eff2b3d3\u003c/code\u003e\u003c/a\u003e 4.12.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/52aaaf9714b06303ce5caa655b1d80675be687e9\"\u003e\u003ccode\u003e52aaaf9\u003c/code\u003e\u003c/a\u003e fix(types): propagate middleware response types to app.on overloads (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4906\"\u003e#4906\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/76d5589e9b0569f4e74ec37e8dd6979455f70dfa\"\u003e\u003ccode\u003e76d5589\u003c/code\u003e\u003c/a\u003e fix(cors): make origin optional in CORSOptions (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4905\"\u003e#4905\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/8f027e5574e91e3c7f263a728656e3888559e51a\"\u003e\u003ccode\u003e8f027e5\u003c/code\u003e\u003c/a\u003e fix(ssg): add \u003ccode\u003eatom+xml\u003c/code\u003e and \u003ccode\u003erss+xml\u003c/code\u003e to \u003ccode\u003edefaultExtensionMap\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4899\"\u003e#4899\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/bfba97ca7ea3d4541a3419f1749e5a1a3e8f1727\"\u003e\u003ccode\u003ebfba97c\u003c/code\u003e\u003c/a\u003e fix(jsx): normalize SVG attributes on the \u0026lt;svg\u0026gt; root element (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4893\"\u003e#4893\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.16...v4.12.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.2 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.2...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.11.1 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/4dfa0f09798f79b08c9727fde391b1aa4ec8572d\"\u003e\u003ccode\u003e4dfa0f0\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/dbb05d7bd9a86b9125dd8e1e0d3dcae62abe106b\"\u003e\u003ccode\u003edbb05d7\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/b0cfe7cc01f3f7241c1d5cb444c99c0e87b68961\"\u003e\u003ccode\u003eb0cfe7c\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"\u003e\u003ccode\u003ed9b4c66\u003c/code\u003e\u003c/a\u003e v6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"\u003e\u003ccode\u003ecb41a54\u003c/code\u003e\u003c/a\u003e [New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"\u003e\u003ccode\u003e88e1563\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"\u003e\u003ccode\u003e9d441d2\u003c/code\u003e\u003c/a\u003e Merge backport release tags v6.0.6–v6.13.3 into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"\u003e\u003ccode\u003e85cc8ca\u003c/code\u003e\u003c/a\u003e v6.12.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.11.1...v6.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.13.6 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.13.6...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038d...\n\n_Description has been truncated_","html_url":"https://github.com/AKJUS/todomvc/pull/27","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Ftodomvc/issues/27","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/27/packages"}},{"old_version":"1.13.7","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-14T22:17:35.000Z","version_change":"1.13.7 → 1.13.8","issue":{"uuid":"4449715181","node_id":"PR_kwDORIIgYM7btEkx","number":43,"state":"open","title":"chore(deps): bump underscore from 1.13.7 to 1.13.8","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-14T22:17:35.000Z","updated_at":"2026-05-14T22:17:36.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"}],"path":null,"ecosystem":"npm"},"body":"Bumps [underscore](https://github.com/jashkenas/underscore) from 1.13.7 to 1.13.8.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.13.7...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=underscore\u0026package-manager=npm_and_yarn\u0026previous-version=1.13.7\u0026new-version=1.13.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jamelt/annobib/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/jamelt/annobib/pull/43","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamelt%2Fannobib/issues/43","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/43/packages"}},{"old_version":"1.13.7","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-14T06:38:39.000Z","version_change":"1.13.7 → 1.13.8","issue":{"uuid":"4443796024","node_id":"PR_kwDOOFEkfs7baLgQ","number":39,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 12 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-14T06:38:39.000Z","updated_at":"2026-05-14T06:39:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":12,"packages":[{"name":"axios","old_version":"1.13.5","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"multer","old_version":"2.0.2","new_version":"2.1.1","repository_url":"https://github.com/expressjs/multer"},{"name":"uuid","old_version":"11.1.0","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"@tootallnate/once","old_version":"1.1.2","new_version":"removed","repository_url":"https://github.com/TooTallNate/once"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"qs","old_version":"6.14.1","new_version":"6.14.2","repository_url":"https://github.com/ljharb/qs"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"mongoose","old_version":"8.12.1","new_version":"8.23.1","repository_url":"https://github.com/Automattic/mongoose"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 12 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.13.5` | `1.15.2` |\n| [multer](https://github.com/expressjs/multer) | `2.0.2` | `2.1.1` |\n| [uuid](https://github.com/uuidjs/uuid) | `11.1.0` | `14.0.0` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `1.1.2` | `removed` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [qs](https://github.com/ljharb/qs) | `6.14.1` | `6.14.2` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [mongoose](https://github.com/Automattic/mongoose) | `8.12.1` | `8.23.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n\n\nUpdates `axios` from 1.13.5 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.13.5...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `multer` from 2.0.2 to 2.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/releases\"\u003emulter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.1\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add node version to 25.x in CI by \u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1377\"\u003eexpressjs/multer#1377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1376\"\u003eexpressjs/multer#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1375\"\u003eexpressjs/multer#1375\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1374\"\u003eexpressjs/multer#1374\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix error/abort handling by \u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1373\"\u003eexpressjs/multer#1373\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e2.1.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1380\"\u003eexpressjs/multer#1380\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\"\u003ehttps://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.1.0\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add funding to package.json by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1346\"\u003eexpressjs/multer#1346\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop mkdirp dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop object-assign dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1351\"\u003eexpressjs/multer#1351\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop xtend dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1352\"\u003eexpressjs/multer#1352\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(gitignore): ignore .nyc_output directory by \u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-vi.md regarding file upload by \u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-pt-br.md for array method by \u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eheaders-support-utf8 by \u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Turkish translation (README-tr.md) by \u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 2.1.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1371\"\u003eexpressjs/multer#1371\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\"\u003ehttps://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/blob/main/CHANGELOG.md\"\u003emulter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix error/abort handling\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003edefParamCharset\u003c/code\u003e option for UTF-8 filename support (\u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/368c8a10cca11854cf17c24029fefd1eafb1c059\"\u003e\u003ccode\u003e368c8a1\u003c/code\u003e\u003c/a\u003e 2.1.1 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1380\"\u003e#1380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752\"\u003e\u003ccode\u003e7e66481\u003c/code\u003e\u003c/a\u003e 🐛 fix recursion issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/643571ef85e9db94b87a777773f4d67156f82a3e\"\u003e\u003ccode\u003e643571e\u003c/code\u003e\u003c/a\u003e ✅ add explicit test for client able to send body without abrupt disconnect\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/e86fa523753f8d54ad0687bf52fb20044b6fa309\"\u003e\u003ccode\u003ee86fa52\u003c/code\u003e\u003c/a\u003e fix error/abort handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/ca37779bf1f531a70af9977805380d0f51d293e2\"\u003e\u003ccode\u003eca37779\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1374\"\u003e#1374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/13088f41e3bf8c3fc21d8c2867ffafb42470ed09\"\u003e\u003ccode\u003e13088f4\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1375\"\u003e#1375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/bc6a1d1374f7ddc9baf9d22bf7c30f831c621e3a\"\u003e\u003ccode\u003ebc6a1d1\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1376\"\u003e#1376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/c496e931263a901ccfc0821ac21768ac23786f77\"\u003e\u003ccode\u003ec496e93\u003c/code\u003e\u003c/a\u003e chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1377\"\u003e#1377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/fa173d30d01f4e18a8be74570b2770c7230b8b05\"\u003e\u003ccode\u003efa173d3\u003c/code\u003e\u003c/a\u003e chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1378\"\u003e#1378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/17d7f5193a237ebfd4c19274c7a6729538b4a9a0\"\u003e\u003ccode\u003e17d7f51\u003c/code\u003e\u003c/a\u003e chore: add node version to 25.x in CI\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/expressjs/multer/compare/v2.0.2...v2.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 11.1.0 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nRemoves `@tootallnate/once`\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.1 to 6.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/bdcf0c7f82387c18ac8fabfccd2f440645cef47b\"\u003e\u003ccode\u003ebdcf0c7\u003c/code\u003e\u003c/a\u003e v6.14.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/294db90c812ddbe7d7a35d5687c505fd21a2d6a2\"\u003e\u003ccode\u003e294db90\u003c/code\u003e\u003c/a\u003e [readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5c308e5516c270a78caa6f278465914090f91ec6\"\u003e\u003ccode\u003e5c308e5\u003c/code\u003e\u003c/a\u003e [readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/6addf8cf738d529c54d91f6f3ffb6c1be91bbfdc\"\u003e\u003ccode\u003e6addf8c\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/cfc108f662326d6ab540f3545ef0b832baf83cdf\"\u003e\u003ccode\u003ecfc108f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/`pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/febb64442a80e49200211fa38d3c96b58024ac77\"\u003e\u003ccode\u003efebb644\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when `thr...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/f6a7abff1f13d644db9b05fe4f2c98ada6bf8482\"\u003e\u003ccode\u003ef6a7abf\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/fbc5206c25b4d1851cea683f02c10756c521d15a\"\u003e\u003ccode\u003efbc5206\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/1b9a8b4e78c6aff4c22fa559107227f02fd0216a\"\u003e\u003ccode\u003e1b9a8b4\u003c/code\u003e\u003c/a\u003e [actions] fix rebase workflow permissions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/2a35775614e0fb46ac8a3060201a32a7c23a7fda\"\u003e\u003ccode\u003e2a35775\u003c/code\u003e\u003c/a\u003e [meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.1...v6.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/bdcf0c7f82387c18ac8fabfccd2f440645cef47b\"\u003e\u003ccode\u003ebdcf0c7\u003c/code\u003e\u003c/a\u003e v6.14.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/294db90c812ddbe7d7a35d5687c505fd21a2d6a2\"\u003e\u003ccode\u003e294db90\u003c/code\u003e\u003c/a\u003e [readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5c308e5516c270a78caa6f278465914090f91ec6\"\u003e\u003ccode\u003e5c308e5\u003c/code\u003e\u003c/a\u003e [readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/6addf8cf738d529c54d91f6f3ffb6c1be91bbfdc\"\u003e\u003ccode\u003e6addf8c\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/cfc108f662326d6ab540f3545ef0b832baf83cdf\"\u003e\u003ccode\u003ecfc108f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/`pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/febb64442a80e49200211fa38d3c96b58024ac77\"\u003e\u003ccode\u003efebb644\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when `thr...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/f6a7abff1f13d644db9b05fe4f2c98ada6bf8482\"\u003e\u003ccode\u003ef6a7abf\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/fbc5206c25b4d1851cea683f02c10756c521d15a\"\u003e\u003ccode\u003efbc5206\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/1b9a8b4e78c6aff4c22fa559107227f02fd0216a\"\u003e\u003ccode\u003e1b9a8b4\u003c/code\u003e\u003c/a\u003e [actions] fix rebase workflow permissions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/2a35775614e0fb46ac8a3060201a32a7c23a7fda\"\u003e\u003ccode\u003e2a35775\u003c/code\u003e\u003c/a\u003e [meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.1...v6.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mongoose` from 8.12.1 to 8.23.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Automattic/mongoose/releases\"\u003emongoose's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e8.23.1 / 2026-04-23\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): support sort option in Model.bulkWrite() updateOne and replaceOne operations \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16091\"\u003e#16091\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16079\"\u003e#16079\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(setDefaultsOnInsert): check child filter paths before applying defaults (backport \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16031\"\u003e#16031\u003c/a\u003e to 8.x) \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16219\"\u003e#16219\u003c/a\u003e \u003ca href=\"https://github.com/marklai1998\"\u003emarklai1998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(schema): always pass raw string value to error validators, only trim to 30 chars for maxlength validator \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16238\"\u003e#16238\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16236\"\u003e#16236\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15550\"\u003e#15550\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15571\"\u003e#15571\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.23.0 / 2026-02-09\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(document): add flattenUUIDs option to toObject() and toJSON() (backport \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15021\"\u003e#15021\u003c/a\u003e to 8.x)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.22.1 / 2025-02-04\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle other top-level query operators in sanitizeFilter\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.22.0 / 2026-01-27\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(model): allow passing strict option to hydrate() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15944\"\u003e#15944\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15940\"\u003e#15940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.21.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(clone): fix parent doc for map subdocuments and array subdocuments \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15958\"\u003e#15958\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: respect currentTime schema option in bulkWrite updates \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15976\"\u003e#15976\u003c/a\u003e \u003ca href=\"https://github.com/sderrow\"\u003esderrow\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.21.0 / 2025-12-29\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(document): add support for getAtomics() to allow custom container types to utilize atomics \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15817\"\u003e#15817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(document+model): pass options to pre('deleteOne') and update+options to pre('updateOne') hooks \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15908\"\u003e#15908\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15870\"\u003e#15870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add support for typescript style enums \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15914\"\u003e#15914\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15913\"\u003e#15913\u003c/a\u003e \u003ca href=\"https://github.com/mjfwebb\"\u003emjfwebb\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.4 / 2025-12-18\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): ensure $isDeleted is set after calling doc.deleteOne() successfully \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15898\"\u003e#15898\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(document): use bitwise OR to accumulate version mode flags \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15893\"\u003e#15893\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15888\"\u003e#15888\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.3 / 2025-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eperf: use Object.hasOwn instead of Object#hasOwnProperty \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15875\"\u003e#15875\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: improve error when calling Document.prototype.init() with null/undefined \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15812\"\u003e#15812\u003c/a\u003e \u003ca href=\"https://github.com/Vegapunk-debug\"\u003eVegapunk-debug\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(schema): avoid treating paths with default: null as required \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15889\"\u003e#15889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(schema): allow partial statics to schema.statics() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15780\"\u003e#15780\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.2 / 2025-12-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): bump version if necessary after successful bulkSave() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15809\"\u003e#15809\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15800\"\u003e#15800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(bulkWrite): pass overwriteImmutable option to castUpdate fixes \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15789\"\u003e#15789\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15782\"\u003e#15782\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15781\"\u003e#15781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Automattic/mongoose/blob/8.23.1/CHANGELOG.md\"\u003emongoose's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e8.23.1 / 2026-04-23\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): support sort option in Model.bulkWrite() updateOne and replaceOne operations \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16091\"\u003e#16091\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16079\"\u003e#16079\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(setDefaultsOnInsert): check child filter paths before applying defaults (backport \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16031\"\u003e#16031\u003c/a\u003e to 8.x) \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16219\"\u003e#16219\u003c/a\u003e \u003ca href=\"https://github.com/marklai1998\"\u003emarklai1998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(schema): always pass raw string value to error validators, only trim to 30 chars for maxlength validator \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16238\"\u003e#16238\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16236\"\u003e#16236\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15550\"\u003e#15550\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15571\"\u003e#15571\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.23.0 / 2026-02-09\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(document): add flattenUUIDs option to toObject() and toJSON() (backport \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15021\"\u003e#15021\u003c/a\u003e to 8.x)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.22.1 / 2026-02-04\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle other top-level query operators in sanitizeFilter\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e7.8.9 / 2026-02-04\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle other top-level query operators in sanitizeFilter\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.22.0 / 2026-01-27\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(model): allow passing strict option to hydrate() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15944\"\u003e#15944\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15940\"\u003e#15940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.21.1 / 2026-01-23\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(clone): fix parent doc for map subdocuments and array subdocuments \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15958\"\u003e#15958\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(document): when cloning a doc with subdocs, make sure the subdocs parent is the cloned doc \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15904\"\u003e#15904\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15901\"\u003e#15901\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: respect currentTime schema option in bulkWrite updates \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15976\"\u003e#15976\u003c/a\u003e \u003ca href=\"https://github.com/sderrow\"\u003esderrow\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(models): support Mongoose query casting in AnyBulkWriteOperation filter property \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15910\"\u003e#15910\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: add toBSON() to documents \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15927\"\u003e#15927\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.21.0 / 2025-12-29\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efeat(document): add support for getAtomics() to allow custom container types to utilize atomics \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15817\"\u003e#15817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(document+model): pass options to pre('deleteOne') and update+options to pre('updateOne') hooks \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15908\"\u003e#15908\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15870\"\u003e#15870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add support for typescript style enums \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15914\"\u003e#15914\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15913\"\u003e#15913\u003c/a\u003e \u003ca href=\"https://github.com/mjfwebb\"\u003emjfwebb\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.4 / 2025-12-18\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003efix(model): ensure $isDeleted is set after calling doc.deleteOne() successfully \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15898\"\u003e#15898\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(document): use bitwise OR to accumulate version mode flags \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15893\"\u003e#15893\u003c/a\u003e \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15888\"\u003e#15888\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e8.20.3 / 2025-12-15\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eperf: use Object.hasOwn instead of Object#hasOwnProperty \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15875\"\u003e#15875\u003c/a\u003e \u003ca href=\"https://github.com/AbdelrahmanHafez\"\u003eAbdelrahmanHafez\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: improve error when calling Document.prototype.init() with null/undefined \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15812\"\u003e#15812\u003c/a\u003e \u003ca href=\"https://github.com/Vegapunk-debug\"\u003eVegapunk-debug\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(schema): avoid treating paths with default: null as required \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15889\"\u003e#15889\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes(schema): allow partial statics to schema.statics() \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/15780\"\u003e#15780\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/2302290b8084a2986cdca0a89f59413f559da7b4\"\u003e\u003ccode\u003e2302290\u003c/code\u003e\u003c/a\u003e chore: release 8.23.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/03224e1d52d2ac2ff4080eb2931fc523d0cf56e1\"\u003e\u003ccode\u003e03224e1\u003c/code\u003e\u003c/a\u003e Merge branch '8.23' into 8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/d8a0dba19997d74838e86ca2056153c24ba91599\"\u003e\u003ccode\u003ed8a0dba\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16219\"\u003e#16219\u003c/a\u003e from marklai1998/fix/set-default-on-insert\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/86037f329ba988d43e56d8309f7b8a21b5633065\"\u003e\u003ccode\u003e86037f3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16238\"\u003e#16238\u003c/a\u003e from Automattic/vkarpov15/\u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16236\"\u003egh-16236\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/634e9e25fc0fa934ff3df978508fa15cf17515f2\"\u003e\u003ccode\u003e634e9e2\u003c/code\u003e\u003c/a\u003e Potential fix for pull request finding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/dee02943fe8dd96d6c1e7da5d8c380ed8c5544cb\"\u003e\u003ccode\u003edee0294\u003c/code\u003e\u003c/a\u003e fix(schema): always pass raw string value to error validators, only trim to 3...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/55c5cd127886d6b2b066b756a0382b20c1f95f2a\"\u003e\u003ccode\u003e55c5cd1\u003c/code\u003e\u003c/a\u003e chore: empty commit to retrigger CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/9ddf06f4879fd1f3e393f16a2506a864f40a0288\"\u003e\u003ccode\u003e9ddf06f\u003c/code\u003e\u003c/a\u003e chore: fix lint error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/6e5db6fc6f94ba30e2c995570f458eac76fe479e\"\u003e\u003ccode\u003e6e5db6f\u003c/code\u003e\u003c/a\u003e fix(setDefaultsOnInsert): check child filter paths before applying defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Automattic/mongoose/commit/7db8ab7806b0443b03a1f44b215d5640a5d49edb\"\u003e\u003ccode\u003e7db8ab7\u003c/code\u003e\u003c/a\u003e Fix Model.bulkWrite sorting in 8.x (\u003ca href=\"https://redirect.github.com/Automattic/mongoose/issues/16091\"\u003e#16091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Automattic/mongoose/compare/8.12.1...8.23.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for mongoose since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHS...\n\n_Description has been truncated_\n\n---\n\n🔄 This PR updates 12 npm dependencies across the project, including major version bumps for axios (1.13.5→1.15.2), multer (2.0.2→2.1.1), sqlite3 (5.1.6→6.0.1), and uuid (11.1.0→14.0.0), along with several security fixes and performance improvements.\n\n\u003cdetails\u003e\n\u003csummary\u003e🔍 \u003cstrong\u003eDetailed Analysis\u003c/strong\u003e\u003c/summary\u003e\n\n### Key Changes\n- **Direct Dependencies**: Updated 4 production dependencies with significant version changes\n- **Transitive Dependencies**: Updated 8 indirect dependencies including security patches\n- **Security Fixes**: Multiple CVE fixes across axios, multer, uuid, and path-to-regexp packages\n- **Compatibility**: Some breaking changes requiring Node.js 20+ for certain packages\n\n### Technical Implementation\n```mermaid\nflowchart TD\n    A[Dependabot Scan] --\u003e B[Identify Updates]\n    B --\u003e C[Security Patches]\n    B --\u003e D[Feature Updates]\n    B --\u003e E[Bug Fixes]\n    C --\u003e F[axios: CVE fixes]\n    C --\u003e G[multer: CVE-2026-3520]\n    C --\u003e H[uuid: GHSA-w5hq-g745-h8pq]\n    C --\u003e I[path-to-regexp: CVE-2026-4867]\n    D --\u003e J[New Features Added]\n    E --\u003e K[Performance Improvements]\n    F --\u003e L[Updated package.json]\n    G --\u003e L\n    H --\u003e L\n    I --\u003e L\n    J --\u003e L\n    K --\u003e L\n```\n\n### Impact\n- **Security Enhancement**: Addresses multiple CVEs including prototype pollution, SSRF, and buffer overflow vulnerabilities\n- **Performance Improvements**: Axios memory leak fixes, mongoose performance optimizations, and uuid v4() improvements\n- **Breaking Changes**: uuid now requires Node.js 20+, removes CommonJS support; sqlite3 major version bump may affect database operations\n- **Feature Additions**: New axios `allowedSocketPaths` config, multer UTF-8 filename support, and mongoose atomic operations support\n\n\u003c/details\u003e\n\n_Created with [Palmier](https://www.palmier.io)_","html_url":"https://github.com/GlacierEQ/documind/pull/39","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GlacierEQ%2Fdocumind/issues/39","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/39/packages"}},{"old_version":"1.13.7","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-12T00:14:59.000Z","version_change":"1.13.7 → 1.13.8","issue":{"uuid":"4425212618","node_id":"PR_kwDOOj_V_M7aeNe1","number":256,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 7 directories with 22 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-20T00:13:30.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T00:14:59.000Z","updated_at":"2026-05-20T00:13:32.000Z","time_to_close":691111,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":22,"packages":[{"name":"next","old_version":"14.2.33","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"rollup","old_version":"4.52.2","new_version":"4.59.0","repository_url":"https://github.com/rollup/rollup"},{"name":"postcss","old_version":"8.5.9","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.28.5","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"axios","old_version":"1.13.0","new_version":"1.16.0","repository_url":"https://github.com/axios/axios"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"ip-address","old_version":"10.0.1","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"koa","old_version":"2.16.3","new_version":"2.16.4","repository_url":"https://github.com/koajs/koa"},{"name":"liquidjs","old_version":"10.25.6","new_version":"10.25.7","repository_url":"https://github.com/harttle/liquidjs"},{"name":"lodash","old_version":"4.17.21","new_version":"4.17.23","repository_url":"https://github.com/lodash/lodash"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"svgo","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/svg/svgo"},{"name":"tar","old_version":"7.5.1","new_version":"7.5.15","repository_url":"https://github.com/isaacs/node-tar"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"undici","old_version":"7.16.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 20 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [next](https://github.com/vercel/next.js) | `14.2.33` | `15.5.18` |\n| [rollup](https://github.com/rollup/rollup) | `4.52.2` | `4.59.0` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.9` | `8.5.10` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.28.5` | `7.29.4` |\n| [axios](https://github.com/axios/axios) | `1.13.0` | `1.16.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `10.0.1` | `10.2.0` |\n| [koa](https://github.com/koajs/koa) | `2.16.3` | `2.16.4` |\n| [liquidjs](https://github.com/harttle/liquidjs) | `10.25.6` | `10.25.7` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.1` | `7.5.15` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n| [undici](https://github.com/nodejs/undici) | `7.16.0` | `7.25.0` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n\nBumps the npm_and_yarn group with 3 updates in the /1st-gen directory: [next](https://github.com/vercel/next.js), [rollup](https://github.com/rollup/rollup) and [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core).\nBumps the npm_and_yarn group with 1 update in the /1st-gen/projects/css-custom-vars-viewer directory: [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core).\nBumps the npm_and_yarn group with 1 update in the /1st-gen/projects/documentation directory: [rollup](https://github.com/rollup/rollup).\nBumps the npm_and_yarn group with 1 update in the /2nd-gen/packages/swc directory: [postcss](https://github.com/postcss/postcss).\nBumps the npm_and_yarn group with 1 update in the /2nd-gen/packages/tools/postcss-token directory: [postcss](https://github.com/postcss/postcss).\nBumps the npm_and_yarn group with 1 update in the /2nd-gen/packages/tools/vite-global-elements-css directory: [postcss](https://github.com/postcss/postcss).\n\nUpdates `next` from 14.2.33 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v14.2.33...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.52.2 to 4.59.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/releases\"\u003erollup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.59.0\u003c/h2\u003e\n\u003ch2\u003e4.59.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6275\"\u003e#6275\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.58.0\u003c/h2\u003e\n\u003ch2\u003e4.58.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-20\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlso support \u003ccode\u003e__NO_SIDE_EFFECTS__\u003c/code\u003e annotation before variable declarations declaring function expressions (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6272\"\u003e#6272\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6256\"\u003e#6256\u003c/a\u003e: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (\u003ca href=\"https://github.com/njg7194\"\u003e\u003ccode\u003e@​njg7194\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6259\"\u003e#6259\u003c/a\u003e: docs: Correct typo and improve sentence structure in docs for \u003ccode\u003eoutput.experimentalMinChunkSize\u003c/code\u003e (\u003ca href=\"https://github.com/millerick\"\u003e\u003ccode\u003e@​millerick\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6260\"\u003e#6260\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v47 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6261\"\u003e#6261\u003c/a\u003e: fix(deps): lock file maintenance minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6262\"\u003e#6262\u003c/a\u003e: Avoid unnecessary cloning of the code string (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6263\"\u003e#6263\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6265\"\u003e#6265\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6267\"\u003e#6267\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6268\"\u003e#6268\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v63 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6269\"\u003e#6269\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6270\"\u003e#6270\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6272\"\u003e#6272\u003c/a\u003e: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.57.1\u003c/h2\u003e\n\u003ch2\u003e4.57.1\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-01-30\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix heap corruption issue in Windows (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6251\"\u003e#6251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnsure exports of a dynamic import are fully included when called from a try...catch (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6254\"\u003e#6254\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6251\"\u003e#6251\u003c/a\u003e: fix: Isolate and cache \u003ccode\u003eprocess.report.getReport()\u003c/code\u003e calls in a child process for robust environment detection (\u003ca href=\"https://github.com/alan-agius4\"\u003e\u003ccode\u003e@​alan-agius4\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/master/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.59.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6276\"\u003e#6276\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6275\"\u003e#6275\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.58.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-20\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAlso support \u003ccode\u003e__NO_SIDE_EFFECTS__\u003c/code\u003e annotation before variable declarations declaring function expressions (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6272\"\u003e#6272\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6256\"\u003e#6256\u003c/a\u003e: docs: document PreRenderedChunk properties including isDynamicEntry and isImplicitEntry (\u003ca href=\"https://github.com/njg7194\"\u003e\u003ccode\u003e@​njg7194\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6259\"\u003e#6259\u003c/a\u003e: docs: Correct typo and improve sentence structure in docs for \u003ccode\u003eoutput.experimentalMinChunkSize\u003c/code\u003e (\u003ca href=\"https://github.com/millerick\"\u003e\u003ccode\u003e@​millerick\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6260\"\u003e#6260\u003c/a\u003e: fix(deps): update rust crate swc_compiler_base to v47 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6261\"\u003e#6261\u003c/a\u003e: fix(deps): lock file maintenance minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6262\"\u003e#6262\u003c/a\u003e: Avoid unnecessary cloning of the code string (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6263\"\u003e#6263\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6265\"\u003e#6265\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6267\"\u003e#6267\u003c/a\u003e: fix(deps): update minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6268\"\u003e#6268\u003c/a\u003e: chore(deps): update dependency eslint-plugin-unicorn to v63 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6269\"\u003e#6269\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6270\"\u003e#6270\u003c/a\u003e: chore(deps): lock file maintenance (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6272\"\u003e#6272\u003c/a\u003e: forward NO_SIDE_EFFECTS annotations to function expressions in variable declarations (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.57.1\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-01-30\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix heap corruption issue in Windows (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6251\"\u003e#6251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eEnsure exports of a dynamic import are fully included when called from a try...catch (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6254\"\u003e#6254\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6251\"\u003e#6251\u003c/a\u003e: fix: Isolate and cache \u003ccode\u003eprocess.report.getReport()\u003c/code\u003e calls in a child process for robust environment detection (\u003ca href=\"https://github.com/alan-agius4\"\u003e\u003ccode\u003e@​alan-agius4\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6252\"\u003e#6252\u003c/a\u003e: chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6253\"\u003e#6253\u003c/a\u003e: chore(deps): lock file maintenance minor/patch updates (\u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot], \u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6254\"\u003e#6254\u003c/a\u003e: Fully include dynamic imports in a try-catch (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/ae846957f109690a866cc3e4c073613c338d3476\"\u003e\u003ccode\u003eae84695\u003c/code\u003e\u003c/a\u003e 4.59.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/b39616e9175b3d9fc3977c99153174c490805a93\"\u003e\u003ccode\u003eb39616e\u003c/code\u003e\u003c/a\u003e Update audit-resolve\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2\"\u003e\u003ccode\u003ec60770d\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6275\"\u003e#6275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/33f39c1f205ea2eadaf4b589e493453e2baa3662\"\u003e\u003ccode\u003e33f39c1\u003c/code\u003e\u003c/a\u003e 4.58.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/b61c40803b717854c1c28937e8098e5ad3c7b8ca\"\u003e\u003ccode\u003eb61c408\u003c/code\u003e\u003c/a\u003e forward NO_SIDE_EFFECTS annotations to function expressions in variable decla...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/7f00689ec90e2cafb11c26eefbcac62343c936f6\"\u003e\u003ccode\u003e7f00689\u003c/code\u003e\u003c/a\u003e Extend agent instructions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/e7b2b85af0901244ecc141b9d792c6db6b527ea4\"\u003e\u003ccode\u003ee7b2b85\u003c/code\u003e\u003c/a\u003e chore(deps): lock file maintenance (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6270\"\u003e#6270\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/2aa5da9baf82211b8207d268c8751630cb766970\"\u003e\u003ccode\u003e2aa5da9\u003c/code\u003e\u003c/a\u003e fix(deps): update minor/patch updates (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6267\"\u003e#6267\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/4319837c5448d0c10d89e9ded118888deec2eeec\"\u003e\u003ccode\u003e4319837\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency lru-cache to v11 (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6269\"\u003e#6269\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/c3b6b4bdc4f2ed978fa233132a526957e6513233\"\u003e\u003ccode\u003ec3b6b4b\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency eslint-plugin-unicorn to v63 (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6268\"\u003e#6268\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/rollup/rollup/compare/v4.52.2...v4.59.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for rollup since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.9 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.9...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.28.5 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.13.0 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc\"\u003e\u003ccode\u003edf53d7d\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e\"\u003e\u003ccode\u003e9d92bcd\u003c/code\u003e\u003c/a\u003e fix: gadgets and smaller issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435\"\u003e\u003ccode\u003e5107ee6\u003c/code\u003e\u003c/a\u003e fix: prevent undefined error codes in settle (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8\"\u003e\u003ccode\u003ee573499\u003c/code\u003e\u003c/a\u003e fix(fetch): defer global access in fetch adapter (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3\"\u003e\u003ccode\u003ead68e1a\u003c/code\u003e\u003c/a\u003e fix(http): honor timeout during connect without redirects (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d\"\u003e\u003ccode\u003e2a51828\u003c/code\u003e\u003c/a\u003e fix(http): decode URL basic auth credentials (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1\"\u003e\u003ccode\u003e0e8b6bb\u003c/code\u003e\u003c/a\u003e fix(http): preserve user-supplied Host header when forwarding through a proxy...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b\"\u003e\u003ccode\u003e79f39e1\u003c/code\u003e\u003c/a\u003e docs: document paramsSerializer.encode for strict RFC 3986 query encoding (\u003ca href=\"https://redirect.github.com/axios/axios/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e\"\u003e\u003ccode\u003e0fe3a5f\u003c/code\u003e\u003c/a\u003e [Docs/Types] Update \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions for ES2023 and add ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d\"\u003e\u003ccode\u003ecd6737f\u003c/code\u003e\u003c/a\u003e chore: matches the sibling responseStream.on(aborted) handler and added tests...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.13.0...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwin...\n\n_Description has been truncated_","html_url":"https://github.com/Reality2byte/spectrum-web-components/pull/256","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Reality2byte%2Fspectrum-web-components/issues/256","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/256/packages"}},{"old_version":"1.13.7","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-09T21:24:43.000Z","version_change":"1.13.7 → 1.13.8","issue":{"uuid":"4413874736","node_id":"PR_kwDOOHO_y87Z6S5C","number":23,"state":"open","title":"Bump the npm_and_yarn group across 15 directories with 19 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T21:24:43.000Z","updated_at":"2026-05-09T21:25:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":19,"packages":[{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.2","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"postcss","old_version":"8.4.47","new_version":"8.5.14","repository_url":"https://github.com/postcss/postcss"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"webpack","old_version":"5.95.0","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the /examples/angular directory: [fast-uri](https://github.com/fastify/fast-uri) and [ip-address](https://github.com/beaugunderson/ip-address).\nBumps the npm_and_yarn group with 1 update in the /examples/angularjs_require/test directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 4 updates in the /examples/backbone directory: [qs](https://github.com/ljharb/qs), [underscore](https://github.com/jashkenas/underscore), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 1 update in the /examples/backbone_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/canjs directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/canjs_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 2 updates in the /examples/dijon directory: [jquery](https://github.com/jquery/jquery) and [handlebars](https://github.com/handlebars-lang/handlebars.js).\nBumps the npm_and_yarn group with 13 updates in the /examples/emberjs/todomvc directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.2` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.47` | `8.5.14` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [webpack](https://github.com/webpack/webpack) | `5.95.0` | `5.104.1` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /examples/javascript-es5 directory: [qs](https://github.com/ljharb/qs), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 11 updates in the /examples/javascript-es6 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.5.14` |\n| [qs](https://github.com/ljharb/qs) | `6.11.0` | `6.15.1` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [webpack](https://github.com/webpack/webpack) | `5.89.0` | `5.106.2` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `7.0.5` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n\nBumps the npm_and_yarn group with 4 updates in the /examples/jquery directory: [qs](https://github.com/ljharb/qs), [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash) and [handlebars](https://github.com/handlebars-lang/handlebars.js).\nBumps the npm_and_yarn group with 1 update in the /examples/knockback directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/lavaca_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 2 updates in the /examples/typescript-backbone directory: [jquery](https://github.com/jquery/jquery) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 3 updates in the /examples/web-components directory: [qs](https://github.com/ljharb/qs), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.11.1 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/4dfa0f09798f79b08c9727fde391b1aa4ec8572d\"\u003e\u003ccode\u003e4dfa0f0\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/dbb05d7bd9a86b9125dd8e1e0d3dcae62abe106b\"\u003e\u003ccode\u003edbb05d7\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/b0cfe7cc01f3f7241c1d5cb444c99c0e87b68961\"\u003e\u003ccode\u003eb0cfe7c\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"\u003e\u003ccode\u003ed9b4c66\u003c/code\u003e\u003c/a\u003e v6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"\u003e\u003ccode\u003ecb41a54\u003c/code\u003e\u003c/a\u003e [New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"\u003e\u003ccode\u003e88e1563\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"\u003e\u003ccode\u003e9d441d2\u003c/code\u003e\u003c/a\u003e Merge backport release tags v6.0.6–v6.13.3 into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"\u003e\u003ccode\u003e85cc8ca\u003c/code\u003e\u003c/a\u003e v6.12.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.11.1...v6.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.13.6 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.13.6...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.2 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.2...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://red...\n\n_Description has been truncated_","html_url":"https://github.com/AKJUS/todomvc/pull/23","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Ftodomvc/issues/23","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/23/packages"}},{"old_version":"1.13.7","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-08T21:21:52.000Z","version_change":"1.13.7 → 1.13.8","issue":{"uuid":"4409474311","node_id":"PR_kwDOIEoBZ87ZsPIS","number":21,"state":"closed","title":"Bump the npm_and_yarn group across 15 directories with 19 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T00:52:12.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-08T21:21:52.000Z","updated_at":"2026-05-09T00:52:14.000Z","time_to_close":12620,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":19,"packages":[{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.2","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"postcss","old_version":"8.4.47","new_version":"8.5.14","repository_url":"https://github.com/postcss/postcss"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"webpack","old_version":"5.95.0","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the /examples/angular directory: [fast-uri](https://github.com/fastify/fast-uri) and [ip-address](https://github.com/beaugunderson/ip-address).\nBumps the npm_and_yarn group with 1 update in the /examples/angularjs_require/test directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 4 updates in the /examples/backbone directory: [qs](https://github.com/ljharb/qs), [underscore](https://github.com/jashkenas/underscore), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 1 update in the /examples/backbone_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/canjs directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/canjs_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 2 updates in the /examples/dijon directory: [jquery](https://github.com/jquery/jquery) and [handlebars](https://github.com/handlebars-lang/handlebars.js).\nBumps the npm_and_yarn group with 13 updates in the /examples/emberjs/todomvc directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.2` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.47` | `8.5.14` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [webpack](https://github.com/webpack/webpack) | `5.95.0` | `5.104.1` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /examples/javascript-es5 directory: [qs](https://github.com/ljharb/qs), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 11 updates in the /examples/javascript-es6 directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.31` | `8.5.14` |\n| [qs](https://github.com/ljharb/qs) | `6.11.0` | `6.15.1` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.2` | `1.16.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [webpack](https://github.com/webpack/webpack) | `5.89.0` | `5.106.2` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `7.0.5` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n\nBumps the npm_and_yarn group with 4 updates in the /examples/jquery directory: [qs](https://github.com/ljharb/qs), [follow-redirects](https://github.com/follow-redirects/follow-redirects), [lodash](https://github.com/lodash/lodash) and [handlebars](https://github.com/handlebars-lang/handlebars.js).\nBumps the npm_and_yarn group with 1 update in the /examples/knockback directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 1 update in the /examples/lavaca_require directory: [jquery](https://github.com/jquery/jquery).\nBumps the npm_and_yarn group with 2 updates in the /examples/typescript-backbone directory: [jquery](https://github.com/jquery/jquery) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 3 updates in the /examples/web-components directory: [qs](https://github.com/ljharb/qs), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.11.1 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/4dfa0f09798f79b08c9727fde391b1aa4ec8572d\"\u003e\u003ccode\u003e4dfa0f0\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/dbb05d7bd9a86b9125dd8e1e0d3dcae62abe106b\"\u003e\u003ccode\u003edbb05d7\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/b0cfe7cc01f3f7241c1d5cb444c99c0e87b68961\"\u003e\u003ccode\u003eb0cfe7c\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"\u003e\u003ccode\u003ed9b4c66\u003c/code\u003e\u003c/a\u003e v6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"\u003e\u003ccode\u003ecb41a54\u003c/code\u003e\u003c/a\u003e [New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"\u003e\u003ccode\u003e88e1563\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"\u003e\u003ccode\u003e9d441d2\u003c/code\u003e\u003c/a\u003e Merge backport release tags v6.0.6–v6.13.3 into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"\u003e\u003ccode\u003e85cc8ca\u003c/code\u003e\u003c/a\u003e v6.12.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.11.1...v6.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.13.6 to 1.13.8\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/9374840c22e348083d0d072f30dc980622523259\"\u003e\u003ccode\u003e9374840\u003c/code\u003e\u003c/a\u003e Merge branch 'release/1.13.8'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/309ad7e6658b927ca5f28ce069665d9c523c53e5\"\u003e\u003ccode\u003e309ad7e\u003c/code\u003e\u003c/a\u003e Re-generate annotated sources and minified codemaps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a1ac1d33537662304d4985f61301112ea0f1f051\"\u003e\u003ccode\u003ea1ac1d3\u003c/code\u003e\u003c/a\u003e Add links to diff and docs in 1.13.8 change log entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/b579595ec9da8db15196bc1d3547833458939c44\"\u003e\u003ccode\u003eb579595\u003c/code\u003e\u003c/a\u003e Mention CVE-2026-27601 in comments and documentation (\u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/3011\"\u003e#3011\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/45ea015a99069780db492a114c1e709dd77d3b89\"\u003e\u003ccode\u003e45ea015\u003c/code\u003e\u003c/a\u003e Revert obfuscations from 42823bb.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4a4019e00beb2c42eda20c05f375a35983b748f0\"\u003e\u003ccode\u003e4a4019e\u003c/code\u003e\u003c/a\u003e Update minified bundles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1ccfdd0c50470d862bb553c1e0c70567a59d4355\"\u003e\u003ccode\u003e1ccfdd0\u003c/code\u003e\u003c/a\u003e Add preliminary release notes for 1.13.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/42823bbff87e9fe82855d5adb5ba7ff839f8b446\"\u003e\u003ccode\u003e42823bb\u003c/code\u003e\u003c/a\u003e Temporarily obfuscate comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84\"\u003e\u003ccode\u003ea6e23ae\u003c/code\u003e\u003c/a\u003e Make _.isEqual nonrecursive\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/f2b516441ab99b82045f2a336c348899e6527e00\"\u003e\u003ccode\u003ef2b5164\u003c/code\u003e\u003c/a\u003e Add regression test against stack overflow in _.isEqual\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.13.6...1.13.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.2 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.2...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5388\"\u003e#5388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/063831b6378d518f9870ec5c4f1e7d5d16e04f36\"\u003e063831b6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eShave off a couple of bytes (\u003ca href=\"https://github.com/jquery/jquery/commit/b40a4807b604efbde51faf075d11e25441af1990\"\u003eb40a4807\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't stringify attributes in the setter (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4948\"\u003e#4948\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/4250b628783d7bfa92ec6c5550c6e4b22fab6034\"\u003e4250b628\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the \u003ccode\u003etoggleClass(boolean|undefined)\u003c/code\u003e signature (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3388\"\u003e#3388\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a4421101fd6d9d7b0550210f8e8690641733dd9a\"\u003ea4421101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRefactor val(): don't strip carriage return, isolate IE workarounds (\u003ca href=\"https://github.com/jquery/jquery/commit/ff2819911da6cbbed5ee42c35d695240f06e65e3\"\u003eff281991\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't set the type attr hook at all outside of IE (\u003ca href=\"https://github.com/jquery/jquery/commit/9e66fe9acf0ef27681f5a21149fc61678f791641\"\u003e9e66fe9a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCSS\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix dimensions of table \u003ccode\u003e\u0026lt;col\u0026gt;\u003c/code\u003e elements (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5628\"\u003e#5628\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/eca2a56457e1c40c071aeb3ac87efeb8bbb8013e\"\u003eeca2a564\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the cache in finalPropName (\u003ca href=\"https://github.com/jquery/jquery/commit/640d5825df5ff223560c5690f1a268681c32f9fa\"\u003e640d5825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTests: Fix tests \u0026amp; support tests under CSS Zoom (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5489\"\u003e#5489\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/071f6dba6bd1d8db3f36ce4694aab5ff437b9e36\"\u003e071f6dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix reliableTrDimensions support test for initially hidden iframes (\u003ca href=\"https://github.com/jquery/jquery/commit/b1e66a5faaf46ffcbcc27c79a9a224aaf851a987\"\u003eb1e66a5f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSelector: Align with 3.x, remove the outer \u003ccode\u003eselector.js\u003c/code\u003e wrapper (\u003ca href=\"https://github.com/jquery/jquery/commit/53cf7244da2a2040333335c36e435b1c12efdff9\"\u003e53cf7244\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the reliableTrDimensions support test work with Bootstrap CSS (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5270\"\u003e#5270\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/65b85031fb5688361c077bc04e641e4b502671e1\"\u003e65b85031\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eoffsetHeight( true )\u003c/code\u003e, etc. include negative margins (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3982\"\u003e#3982\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/bce13b72c1753e16cc0db53ebf0f0456bdcf6b48\"\u003ebce13b72\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReturn \u003ccode\u003eundefined\u003c/code\u003e for whitespace-only CSS variable values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5120\"\u003e#5120\u003c/a\u003e) (\u003ca href=\"https://github.com/jquery/jquery/commit/7eb0019640a5856c42b451551eb7f995d913eba9\"\u003e7eb00196\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon’t trim whitespace of undefined custom property (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5105\"\u003e#5105\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/ed306c0261ab63746040e5d58bb4477c3069a427\"\u003eed306c02\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSkip falsy values in \u003ccode\u003eaddClass( array )\u003c/code\u003e, compress code (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4998\"\u003e#4998\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a338b407f2479f82df40635055effc163835183f\"\u003ea338b407\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJustify use of rtrim on CSS property values (\u003ca href=\"https://github.com/jquery/jquery/commit/655c0ed5e204b1f6427e09d615a49586a7bc84eb\"\u003e655c0ed5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTrim whitespace surrounding CSS Custom Properties values (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4926\"\u003e#4926\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/efadfe991a5c287af561a9326bf1427d726c91c1\"\u003eefadfe99\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003eshow\u003c/code\u003e, \u003ccode\u003ehide\u003c/code\u003e \u0026amp; \u003ccode\u003etoggle\u003c/code\u003e methods in the jQuery slim build (\u003ca href=\"https://github.com/jquery/jquery/commit/297d18dd13f7b810ea5a4afeefa4cb15d9e16e16\"\u003e297d18dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove the opacity CSS hook (\u003ca href=\"https://github.com/jquery/jquery/commit/865469f5e60f55feb28469bb0a7526dd22f04b4e\"\u003e865469f5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWorkaround buggy getComputedStyle on table rows in IE/Edge (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4490\"\u003e#4490\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/26415e081b318dbe1d46d2b7c30e05f14c339b75\"\u003e26415e08\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't automatically add \u0026quot;px\u0026quot; to properties with a few exceptions (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/2795\"\u003e#2795\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/00a9c2e5f4c855382435cec6b3908eb9bd5a53b7\"\u003e00a9c2e5\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/4f2fae08f23b54ce09322e62e73cce6161b8d3cb\"\u003e\u003ccode\u003e4f2fae0\u003c/code\u003e\u003c/a\u003e Release: 4.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c838cfb5bb0c6cd17cfaa1dd83aca8d20589de99\"\u003e\u003ccode\u003ec838cfb\u003c/code\u003e\u003c/a\u003e Release: remove dist files from main branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/97525193735ed32c332f0dbaf2f782df8b1b949b\"\u003e\u003ccode\u003e9752519\u003c/code\u003e\u003c/a\u003e Release: 4.0.0-rc.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c128d5d8a8fd9e9b3dcd3efa493e71f6a1649bd8\"\u003e\u003ccode\u003ec128d5d\u003c/code\u003e\u003c/a\u003e Release: Update AUTHORS.txt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/5fe9c298c0538f7cffc1c92c3abc8fadca644dde\"\u003e\u003ccode\u003e5fe9c29\u003c/code\u003e\u003c/a\u003e Build: De-dupe three authors via mailmap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/afdd032fdbc90e22f49a69627f4dec0dd3a2f0a4\"\u003e\u003ccode\u003eafdd032\u003c/code\u003e\u003c/a\u003e Build: Post beta browser tests errors to jquery/dev on Matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/546a1eb03c345e1bafb72ae1aeb898abb5b3e51b\"\u003e\u003ccode\u003e546a1eb\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 4 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/ec738b3190a3b67d08f51451e1faa15f1f4bf916\"\u003e\u003ccode\u003eec738b3\u003c/code\u003e\u003c/a\u003e Build: Fix Chrome beta tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/c28c26aef0b3238f578690d73703382951cb355d\"\u003e\u003ccode\u003ec28c26a\u003c/code\u003e\u003c/a\u003e Build: Add periodic tests on beta versions of browsers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jquery/jquery/commit/f513413ac81acabe68769e8879ce19c10eff1f59\"\u003e\u003ccode\u003ef513413\u003c/code\u003e\u003c/a\u003e Build: Bump the github-actions group with 2 updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jquery/jquery/compare/2.2.4...4.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~timmywil\"\u003etimmywil\u003c/a\u003e, a new releaser for jquery since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jquery` from 2.2.4 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jquery/jquery/releases\"\u003ejquery's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 4.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://blog.jquery.com/2026/01/17/jquery-4-0-0/\"\u003ehttps://blog.jquery.com/2026/01/17/jquery-4-0-0/\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAjax\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't treat array data as binary (\u003ca href=\"https://github.com/jquery/jquery/commit/992a1911d0b6195012edc25fd5a48810d4be64b5\"\u003e992a1911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eprocessData: true\u003c/code\u003e even for binary data (\u003ca href=\"https://github.com/jquery/jquery/commit/ce264e0789116e37fe371503537a217c038dfae8\"\u003ece264e07\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport binary data (including FormData) (\u003ca href=\"https://github.com/jquery/jquery/commit/a7ed9a7b6364273b1b964fd2cf9691dec2cbec6b\"\u003ea7ed9a7b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003eheaders\u003c/code\u003e for script transport even when cross-domain (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/5142\"\u003e#5142\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/6d1364431b63b0d3bbe1c5fd604131f9db453396\"\u003e6d136443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport \u003ccode\u003enull\u003c/code\u003e as success functions in \u003ccode\u003ejQuery.get\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4989\"\u003e#4989\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/74978b7e892537559850cda7332bdab8106e6354\"\u003e74978b7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDon't auto-execute scripts unless dataType provided (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4822\"\u003e#4822\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/025da4dd343e6734f3d3c1b4785b1548498115d8\"\u003e025da4dd\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake responseJSON work for erroneous same-domain JSONP requests (\u003ca href=\"https://github.com/jquery/jquery/commit/68b4ec59c8f290d680e9db4bc980655660817dd1\"\u003e68b4ec59\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExecute JSONP error script responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4771\"\u003e#4771\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/a1e619b03a557b47c3e26a5e74af12b63a0d5e73\"\u003ea1e619b0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAvoid CSP errors in the script transport for async requests (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3969\"\u003e#3969\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/07a8e4a177550025c1a08d7ac754839733943f55\"\u003e07a8e4a1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDrop the json to jsonp auto-promotion logic (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1799\"\u003e#1799\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jquery/jquery/issues/3376\"\u003e#3376\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/e7b3bc488d01d584262e12a7c5c25f935d0d034b\"\u003ee7b3bc48\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOverwrite s.contentType with content-type header value, if any (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4119\"\u003e#4119\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/7fb90a6beaeffe16699800f73746748f6a5cc2de\"\u003e7fb90a6b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeprecate AJAX event aliases, inline event/alias into deprecated (\u003ca href=\"https://github.com/jquery/jquery/commit/23d53928f383b0e7440bf4b08b7524e6af232fad\"\u003e23d53928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not execute scripts for unsuccessful HTTP responses (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/4250\"\u003e#4250\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/50871a5a85cc802421b40cc67e2830601968affe\"\u003e50871a5a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSimplify jQuery.ajaxSettings.xhr (\u003ca href=\"https://redirect.github.com/jquery/jquery/issues/1967\"\u003e#1967\u003c/a\u003e, \u003ca href=\"https://github.com/jquery/jquery/commit/abdc89ac2e581392b800c0364e0f5f2b6a82cdc6\"\u003eabdc89ac\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAttributes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMake \u003ccode\u003e.attr( name, false )\u003c/code\u003e remove for all non-ARIA attrs (\u003ca href=\"https://red...\n\n_Description has been truncated_","html_url":"https://github.com/codemonkey85/todomvc/pull/21","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/codemonkey85%2Ftodomvc/issues/21","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/21/packages"}},{"old_version":"1.13.7","new_version":"1.13.8","update_type":"patch","path":null,"pr_created_at":"2026-05-07T05:48:14.000Z","version_change":"1.13.7 → 1.13.8","issue":{"uuid":"4396438199","node_id":"PR_kwDOJEmqjs7ZBgAc","number":941,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","no-pr-activity","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-07T05:48:14.000Z","updated_at":"2026-05-15T01:18:26.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":16,"packages":[{"name":"fastify","old_version":"4.29.0","new_version":"5.8.5","repository_url":"https://github.com/fastify/fastify"},{"name":"undici","old_version":"6.20.1","new_version":"6.24.0","repository_url":"https://github.com/nodejs/undici"},{"name":"ajv","old_version":"8.17.1","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"defu","old_version":"6.1.4","new_version":"6.1.7","repository_url":"https://github.com/unjs/defu"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"h3","old_version":"1.13.0","new_version":"1.15.11","repository_url":"https://github.com/h3js/h3"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"markdown-it","old_version":"14.1.0","new_version":"14.1.1","repository_url":"https://github.com/markdown-it/markdown-it"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"4.28.1","new_version":"4.60.3","repository_url":"https://github.com/rollup/rollup"},{"name":"underscore","old_version":"1.13.7","new_version":"1.13.8","repository_url":"https://github.com/jashkenas/underscore"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 14 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fastify](https://github.com/fastify/fastify) | `4.29.0` | `5.8.5` |\n| [undici](https://github.com/nodejs/undici) | `6.20.1` | `6.24.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.20.0` |\n| [defu](https://github.com/unjs/defu) | `6.1.4` | `6.1.7` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [h3](https://github.com/h3js/h3) | `1.13.0` | `1.15.11` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `14.1.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `4.28.1` | `4.60.3` |\n| [underscore](https://github.com/jashkenas/underscore) | `1.13.7` | `1.13.8` |\n\nBumps the npm_and_yarn group with 4 updates in the /sdk directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch), [picomatch](https://github.com/micromatch/picomatch) and [rollup](https://github.com/rollup/rollup).\n\nUpdates `fastify` from 4.29.0 to 5.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fastify/releases\"\u003efastify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.8.5\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cp\u003eThis fixes CVE CVE-2026-33806 \u003ca href=\"https://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963\"\u003ehttps://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: Fix port parsing by \u003ca href=\"https://github.com/jsumners\"\u003e\u003ccode\u003e@​jsumners\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6603\"\u003efastify/fastify#6603\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: upgrade to typescript v6.0.2 by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6605\"\u003efastify/fastify#6605\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: restore trustProxy function for number and string types, add null check for socketAddr by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6613\"\u003efastify/fastify#6613\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: reduce cron scheduled workflows from daily/weekly to monthly by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6623\"\u003efastify/fastify#6623\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6629\"\u003efastify/fastify#6629\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6632\"\u003efastify/fastify#6632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump borp from 0.21.0 to 1.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6633\"\u003efastify/fastify#6633\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6630\"\u003efastify/fastify#6630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(ecosystem): add \u003ccode\u003e@​pompelmi/fastify-plugin\u003c/code\u003e by \u003ca href=\"https://github.com/SonoTommy\"\u003e\u003ccode\u003e@​SonoTommy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6610\"\u003efastify/fastify#6610\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SonoTommy\"\u003e\u003ccode\u003e@​SonoTommy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6610\"\u003efastify/fastify#6610\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify/compare/v5.8.4...v5.8.5\"\u003ehttps://github.com/fastify/fastify/compare/v5.8.4...v5.8.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.8.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fastify/compare/v5.8.3...v5.8.4\"\u003ehttps://github.com/fastify/fastify/compare/v5.8.3...v5.8.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.8.3\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cp\u003eThis fixes CVE CVE-2026-3635 \u003ca href=\"https://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf\"\u003ehttps://github.com/fastify/fastify/security/advisories/GHSA-444r-cwp2-x5xf\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs(readme): add \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e to plugin team by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6565\"\u003efastify/fastify#6565\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated Plugins-Guide.md; Changed \u0026quot;fastify\u0026quot; to \u0026quot;instance\u0026quot; during plugin registration to showcase that it's added as a child by \u003ca href=\"https://github.com/kyrylchenko\"\u003e\u003ccode\u003e@​kyrylchenko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6566\"\u003efastify/fastify#6566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: use fastify.test in test case by \u003ca href=\"https://github.com/climba03003\"\u003e\u003ccode\u003e@​climba03003\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6568\"\u003efastify/fastify#6568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: use fastify.example in documentation by \u003ca href=\"https://github.com/climba03003\"\u003e\u003ccode\u003e@​climba03003\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6567\"\u003efastify/fastify#6567\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add common performance degradation guidance by \u003ca href=\"https://github.com/maxpetrusenko\"\u003e\u003ccode\u003e@​maxpetrusenko\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6520\"\u003efastify/fastify#6520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs(server): fix camelCase anchor links in TOC by \u003ca href=\"https://github.com/Deepvamja\"\u003e\u003ccode\u003e@​Deepvamja\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6530\"\u003efastify/fastify#6530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(link-checker): fix root-relative links resolution by \u003ca href=\"https://github.com/barba-rossa\"\u003e\u003ccode\u003e@​barba-rossa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6535\"\u003efastify/fastify#6535\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update syntax markdown, absolute paths and links by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6569\"\u003efastify/fastify#6569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify content-type parser/schema mismatch is outside threat model by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6537\"\u003efastify/fastify#6537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix incorrect code examples in Reply and Request reference by \u003ca href=\"https://github.com/mahmoodhamdi\"\u003e\u003ccode\u003e@​mahmoodhamdi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6582\"\u003efastify/fastify#6582\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: replace redirected npm.im http-errors link by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6588\"\u003efastify/fastify#6588\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etypes: Allow port to be null in request type definition by \u003ca href=\"https://github.com/TristanBarlow\"\u003e\u003ccode\u003e@​TristanBarlow\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6589\"\u003efastify/fastify#6589\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: update links by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6593\"\u003efastify/fastify#6593\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(lock-threads): use shared lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6592\"\u003efastify/fastify#6592\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kyrylchenko\"\u003e\u003ccode\u003e@​kyrylchenko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6566\"\u003efastify/fastify#6566\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/maxpetrusenko\"\u003e\u003ccode\u003e@​maxpetrusenko\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6520\"\u003efastify/fastify#6520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Deepvamja\"\u003e\u003ccode\u003e@​Deepvamja\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6530\"\u003efastify/fastify#6530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/barba-rossa\"\u003e\u003ccode\u003e@​barba-rossa\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fastify/pull/6535\"\u003efastify/fastify#6535\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/3983cce8124714242099e8756a7a9a80a0ba0aea\"\u003e\u003ccode\u003e3983cce\u003c/code\u003e\u003c/a\u003e Bumped v5.8.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/3ce3ae6752dbed672759856081af9cb1e2733105\"\u003e\u003ccode\u003e3ce3ae6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/b06a196b694c0c7aed53976cd77456f1ad7d4c9f\"\u003e\u003ccode\u003eb06a196\u003c/code\u003e\u003c/a\u003e docs(ecosystem): add \u003ccode\u003e@​pompelmi/fastify-plugin\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6610\"\u003e#6610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/909c5d5329536b0acc004da7649b3da8af9273b2\"\u003e\u003ccode\u003e909c5d5\u003c/code\u003e\u003c/a\u003e chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6630\"\u003e#6630\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/4db21a36ddb588acaebf5a4472ccb3b0d5fc9db0\"\u003e\u003ccode\u003e4db21a3\u003c/code\u003e\u003c/a\u003e chore: Bump borp from 0.21.0 to 1.0.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6633\"\u003e#6633\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/0f4e544c8acd7c42df347936e613a73cecc4f3fe\"\u003e\u003ccode\u003e0f4e544\u003c/code\u003e\u003c/a\u003e chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6632\"\u003e#6632\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/33a2fcd39de584713495bf4b3bd864137746f224\"\u003e\u003ccode\u003e33a2fcd\u003c/code\u003e\u003c/a\u003e chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6629\"\u003e#6629\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/fd35d829a8cd496a3c1170c0c1c021130e3ca0e8\"\u003e\u003ccode\u003efd35d82\u003c/code\u003e\u003c/a\u003e ci: reduce cron schedules from daily/weekly to monthly (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6623\"\u003e#6623\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/8dee9be05ebf683cd212aeff1d294f6ea1ec405c\"\u003e\u003ccode\u003e8dee9be\u003c/code\u003e\u003c/a\u003e fix: restore trustProxy function for number and string types, add null check ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fastify/commit/d457aeda8611777389c7e4713a288eb7ddb9a389\"\u003e\u003ccode\u003ed457aed\u003c/code\u003e\u003c/a\u003e chore: upgrade to typescript v6.0.2 (\u003ca href=\"https://redirect.github.com/fastify/fastify/issues/6605\"\u003e#6605\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fastify/compare/v4.29.0...v5.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~climba03003\"\u003eclimba03003\u003c/a\u003e, a new releaser for fastify since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 6.20.1 to 6.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.23.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a444e4f13e8958b4e1ac42bc0d53ace7fba0a9c1\"\u003e\u003ccode\u003ea444e4f\u003c/code\u003e\u003c/a\u003e test: stabilize h2 and tls-cert-leak under current test runner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/dc032a1050d5489b8ce9b4c22aafba98a942f87b\"\u003e\u003ccode\u003edc032a1\u003c/code\u003e\u003c/a\u003e fix: h2 CI (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4395\"\u003e#4395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4cd3f4b3a2ef910ba728c47ae78294d956410450\"\u003e\u003ccode\u003e4cd3f4b\u003c/code\u003e\u003c/a\u003e test: increase bitness in \u003ccode\u003etest/fixtures/*.pem\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/3659\"\u003e#3659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7df6442194b7a54e9ac734335e6e0a56a9bc6666\"\u003e\u003ccode\u003e7df6442\u003c/code\u003e\u003c/a\u003e fix: adapt websocket frame-limit handling for v6 parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4e0179ae643e6f4380f24cc3683c1b1ca2afb094\"\u003e\u003ccode\u003e4e0179a\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5a97f0893b53ba7d1d5549d3df7e55d9c2673f89\"\u003e\u003ccode\u003e5a97f08\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/e43e898603dd5e0c14a75b08b83257598d664a39\"\u003e\u003ccode\u003ee43e898\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v6.20.1...v6.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `defu` from 6.1.4 to 6.1.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/releases\"\u003edefu's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExport Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/blob/main/CHANGELOG.md\"\u003edefu's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edefu.d.cts:\u003c/strong\u003e Export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tea.yaml (\u003ca href=\"https://github.com/unjs/defu/commit/70cffe5\"\u003e70cffe5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate repo (\u003ca href=\"https://github.com/unjs/defu/commit/23cc432\"\u003e23cc432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typecheck (\u003ca href=\"https://github.com/unjs/defu/commit/89df6bb\"\u003e89df6bb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🤖 CI\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/80c0146afb11ebd86183a579ec469f3abd976695\"\u003e\u003ccode\u003e80c0146\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/40d7ef42d30db975bf80c340e7856c1ad3568321\"\u003e\u003ccode\u003e40d7ef4\u003c/code\u003e\u003c/a\u003e fix(defu.d.cts): export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3d3a7c89ca78f3fa43ec7194b12e44e4b0568697\"\u003e\u003ccode\u003e3d3a7c8\u003c/code\u003e\u003c/a\u003e build: correct the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/001c2906010eb65c1bb13ccd1f4abea09e10405b\"\u003e\u003ccode\u003e001c290\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/407b51645c41a57da6efac5b40967f2c60ce4f12\"\u003e\u003ccode\u003e407b516\u003c/code\u003e\u003c/a\u003e build: fix mixed types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/23e59e684cb6a432aad13f308d142247e31b6315\"\u003e\u003ccode\u003e23e59e6\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/11ba02213d4b1c6b02dd686041f75edc479c98e9\"\u003e\u003ccode\u003e11ba022\u003c/code\u003e\u003c/a\u003e fix: ignore inherited enumerable properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3942bfbbcaa72084bd4284846c83bd61ed7c8b29\"\u003e\u003ccode\u003e3942bfb\u003c/code\u003e\u003c/a\u003e fix: prevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/d3ef16dabe861713192ba8679c5db8e0ac143f9b\"\u003e\u003ccode\u003ed3ef16d\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/checkout action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/869a053effb7b1bf49a1635e1bb211840daa589e\"\u003e\u003ccode\u003e869a053\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/setup-node action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.9 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `h3` from 1.13.0 to 1.15.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/h3js/h3/releases\"\u003eh3's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.11\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.10...v1.15.11\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate defu to 6.1.6 (\u003ca href=\"https://github.com/h3js/h3/commit/6125485\"\u003e6125485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/4998dd8\"\u003e4998dd8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate cookie-es (\u003ca href=\"https://github.com/h3js/h3/commit/d166186\"\u003ed166186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.10\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.9...v1.15.10\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve percent-encoded req.url in app event handler (\u003ca href=\"https://redirect.github.com/h3js/h3/pull/1355\"\u003e#1355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSergio Azócar (\u003ca href=\"https://github.com/sergioazoc\"\u003e\u003ccode\u003e@​sergioazoc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.9\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.7...v1.15.9\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003e%25\u003c/code\u003e in pathname (\u003ca href=\"https://github.com/h3js/h3/commit/1103df6\"\u003e1103df6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003estatic:\u003c/strong\u003e Prevent path traversal via double-encoded dot segments (\u003ccode\u003e%252e%252e\u003c/code\u003e) (\u003ca href=\"https://github.com/h3js/h3/commit/c56683d\"\u003ec56683d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esse:\u003c/strong\u003e Sanitize carriage returns in event stream data and comments (\u003ca href=\"https://github.com/h3js/h3/commit/ba3c3fe\"\u003eba3c3fe\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.8\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.7...v1.15.8\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003e%25\u003c/code\u003e in pathname (\u003ca href=\"https://github.com/h3js/h3/commit/1103df6\"\u003e1103df6\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.6...v1.15.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003estatic:\u003c/strong\u003e Narrow path traversal check to match \u003ccode\u003e..\u003c/code\u003e as a path segment only (\u003ca href=\"https://github.com/h3js/h3/commit/c049dc0\"\u003ec049dc0\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eapp:\u003c/strong\u003e Decode percent-encoded path segments to prevent auth bypass (\u003ca href=\"https://github.com/h3js/h3/commit/313ea52\"\u003e313ea52\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e💅 Refactors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove implicit event handler conversion warning (\u003ca href=\"https://redirect.github.com/h3js/h3/pull/1340\"\u003e#1340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/h3js/h3/blob/v1.15.11/CHANGELOG.md\"\u003eh3's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.11\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.10...v1.15.11\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate defu to 6.1.6 (\u003ca href=\"https://github.com/h3js/h3/commit/6125485\"\u003e6125485\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/4998dd8\"\u003e4998dd8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate cookie-es (\u003ca href=\"https://github.com/h3js/h3/commit/d166186\"\u003ed166186\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.10\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.9...v1.15.10\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve percent-encoded req.url in app event handler (\u003ca href=\"https://redirect.github.com/h3js/h3/pull/1355\"\u003e#1355\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/26fec6f\"\u003e26fec6f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSergio Azócar (\u003ca href=\"https://github.com/sergioazoc\"\u003e\u003ccode\u003e@​sergioazoc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.15.9\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/h3js/h3/compare/v1.15.7...v1.15.9\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve \u003ccode\u003e%25\u003c/code\u003e in pathname (\u003ca href=\"https://github.com/h3js/h3/commit/1103df6\"\u003e1103df6\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003estatic:\u003c/strong\u003e Prevent path traversal via double-encoded dot segments (\u003ccode\u003e%252e%252e\u003c/code\u003e) (\u003ca href=\"https://github.com/h3js/h3/commit/c56683d\"\u003ec56683d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003esse:\u003c/strong\u003e Sanitize carriage returns in event stream data and comments (\u003ca href=\"https://github.com/h3js/h3/commit/ba3c3fe\"\u003eba3c3fe\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003erelease:\u003c/strong\u003e V1.15.8 (\u003ca href=\"https://github.com/h3js/h3/commit/e3b9c9e\"\u003ee3b9c9e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate deps (\u003ca href=\"https://github.com/h3js/h3/commit/23045df\"\u003e23045df\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/7b9f41fda6038d26a367c2a26a07ed83ee1dbaac\"\u003e\u003ccode\u003e7b9f41f\u003c/code\u003e\u003c/a\u003e chore(release): v1.15.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/d166186ed63de5a21fa4bb0aede4f4574994a3b5\"\u003e\u003ccode\u003ed166186\u003c/code\u003e\u003c/a\u003e chore: update cookie-es\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/4998dd8de60ddd6a182948e543143eaa56927399\"\u003e\u003ccode\u003e4998dd8\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/612548586357cbf0bad27bcb1b1615f4c40b1560\"\u003e\u003ccode\u003e6125485\u003c/code\u003e\u003c/a\u003e chore: update defu to 6.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/b72bb57060cf68e627575e0c350742f4fa8206fa\"\u003e\u003ccode\u003eb72bb57\u003c/code\u003e\u003c/a\u003e chore(release): v1.15.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/d8ef318fa9ce086036588443d683f97f9bb9faf8\"\u003e\u003ccode\u003ed8ef318\u003c/code\u003e\u003c/a\u003e remove resolutions for h3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/26fec6ff549e646bef284b8df4e267ddb8fc0b67\"\u003e\u003ccode\u003e26fec6f\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/51ca9b3750a2a1426257c96e5a81001e3ec3bb42\"\u003e\u003ccode\u003e51ca9b3\u003c/code\u003e\u003c/a\u003e fix: preserve percent-encoded req.url in app event handler (\u003ca href=\"https://redirect.github.com/h3js/h3/issues/1355\"\u003e#1355\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/4e8d43a7703d0d5c8bbc09748db1d8b9f3c51b42\"\u003e\u003ccode\u003e4e8d43a\u003c/code\u003e\u003c/a\u003e chore(release): v1.15.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/h3js/h3/commit/23045df515a67f00182b5f7ca126cbec40efda4d\"\u003e\u003ccode\u003e23045df\u003c/code\u003e\u003c/a\u003e chore: update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/h3js/h3/compare/v1.13.0...v1.15.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `markdown-it` from 14.1.0 to 14.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md\"\u003emarkdown-it's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[14.1.1] - 2026-01-11\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression from v13 in linkify inline rule. Specific patterns could\ncause high CPU use. Thanks to \u003ca href=\"https://github.com/ltduc147\"\u003e\u003ccode\u003e@​ltduc147\u003c/code\u003e\u003c/a\u003e for report.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/b4a9b659ef5734223731cfaa3ad5eacc6fc22918\"\u003e\u003ccode\u003eb4a9b65\u003c/code\u003e\u003c/a\u003e 14.1.1 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/4b4bbcae5e0990a5b172378e507b33a59012ed26\"\u003e\u003ccode\u003e4b4bbca\u003c/code\u003e\u003c/a\u003e Fixed perf regression in linkify-it wrapper\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/markdown-it/markdown-it/commit/d2782d892a51201b25d3eeab172201ad5a53a24c\"\u003e\u003ccode\u003ed2782d8\u003c/code\u003e\u003c/a\u003e Add supplementary example-driven documentation (\u003ca href=\"https://redirect.github.com/markdown-it/markdown-it/issues/1092\"\u003e#1092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/markdown-it/markdown-it/compare/14.1.0...14.1.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` f...\n\n_Description has been truncated_","html_url":"https://github.com/thirdweb-dev/engine/pull/941","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/thirdweb-dev%2Fengine/issues/941","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/941/packages"}}]}